FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zope -- cross-site scripting vulnerability

Affected packages
zope < 2.7.9_2
2.8.0 <= zope <= 2.8.8
2.9.0 <= zope <= 2.9.6
2.10.0 <= zope <= 2.10.2
plone < 2.5.3

Details

VuXML ID 34414a1e-e377-11db-b8ab-000c76189c4c
Discovery 2007-01-16
Entry 2007-04-05
Modified 2009-03-22

The Zope Team reports:

A vulnerability has been discovered in Zope, where, by certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected.

References

Bugtraq ID 23084
CVE Name CVE-2007-0240
FreeBSD PR ports/111119
URL http://plone.org/products/plone/releases/2.5.3
URL http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view