Vulnerability Name:

CVE-2010-1104 (CCN-55599)

Assigned:2010-01-13
Published:2010-01-13
Updated:2017-08-17
Summary:Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-1104

Source: CCN
Type: Freshmeat Web Site
Version 3.3.4 of Plone CMS

Source: CCN
Type: Plone Web site
Plone

Source: CCN
Type: RHSA-2012-0151
Moderate: conga security, bug fix, and enhancement update

Source: CCN
Type: SA38007
Zope "standard_error_message" Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38007

Source: CCN
Type: SA38334
Plone Error Page Cross-Site Scripting Vulnerability

Source: OSVDB
Type: UNKNOWN
61655

Source: CCN
Type: OSVDB ID: 61655
Zope standard_error_message Template XSS

Source: BID
Type: UNKNOWN
37765

Source: CCN
Type: BID-37765
Zope 'standard_error_message' Cross-Site Scripting Vulnerability

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2010-0104

Source: XF
Type: UNKNOWN
zope-standarderrormessage-xss(55599)

Source: XF
Type: UNKNOWN
zope-standarderrormessage-xss(55599)

Source: CCN
Type: Zope-Annce January 2010
New Zope2 releases available

Source: MLIST
Type: Patch, Vendor Advisory
[zope-announce] 20100112 New Zope2 releases available

Vulnerable Configuration:Configuration 1:
  • cpe:/a:zope:zope:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.0:-:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.0-a1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.0-a2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.0-b1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.0-b2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.0-final:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.1-b1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.1-final:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.7:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.8:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.9:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.10:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.0-b1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.0-b2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.0-b1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.0-b2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.0-c1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.0-final:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.2:-:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.2-b1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.2-final:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.3-final:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.4-final:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.10:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.10.11:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.0:-:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.0a1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.0b1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.0c1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.12.0:-:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:zope:zope:2.12.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:zope:zope:2.8:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*
  • OR cpe:/a:plone:plone:3.3.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:27671
    P
    ELSA-2012-0151 -- conga security, bug fix, and enhancement update (moderate)
    2014-12-15
    oval:com.redhat.rhsa:def:20120151
    P
    RHSA-2012:0151: conga security, bug fix, and enhancement update (Moderate)
    2012-02-21
    BACK
    zope zope 2.8
    zope zope 2.8.0
    zope zope 2.8.0-a1
    zope zope 2.8.0-a2
    zope zope 2.8.0-b1
    zope zope 2.8.0-b2
    zope zope 2.8.0-final
    zope zope 2.8.1
    zope zope 2.8.1-b1
    zope zope 2.8.1-final
    zope zope 2.8.2
    zope zope 2.8.3
    zope zope 2.8.4
    zope zope 2.8.5
    zope zope 2.8.6
    zope zope 2.8.7
    zope zope 2.8.8
    zope zope 2.8.9
    zope zope 2.8.9.1
    zope zope 2.8.10
    zope zope 2.8.11
    zope zope 2.9.0
    zope zope 2.9.0-b1
    zope zope 2.9.0-b2
    zope zope 2.9.1
    zope zope 2.9.2
    zope zope 2.9.3
    zope zope 2.9.4
    zope zope 2.9.5
    zope zope 2.9.6
    zope zope 2.9.7
    zope zope 2.9.8
    zope zope 2.9.9
    zope zope 2.9.10
    zope zope 2.9.11
    zope zope 2.10.0-b1
    zope zope 2.10.0-b2
    zope zope 2.10.0-c1
    zope zope 2.10.0-final
    zope zope 2.10.2
    zope zope 2.10.2-b1
    zope zope 2.10.2-final
    zope zope 2.10.3
    zope zope 2.10.3-final
    zope zope 2.10.4-final
    zope zope 2.10.5
    zope zope 2.10.6
    zope zope 2.10.7
    zope zope 2.10.8
    zope zope 2.10.9
    zope zope 2.10.10
    zope zope 2.10.11
    zope zope 2.11.0
    zope zope 2.11.0a1
    zope zope 2.11.0b1
    zope zope 2.11.0c1
    zope zope 2.11.1
    zope zope 2.11.2
    zope zope 2.11.3
    zope zope 2.11.4
    zope zope 2.11.5
    zope zope 2.12.0
    zope zope 2.12.1
    zope zope 2.12.2
    zope zope 2.8
    redhat rhel cluster 5
    plone plone 3.3.3