Vulnerability Name: | CVE-2010-1104 (CCN-55599) |
Assigned: | 2010-01-13 |
Published: | 2010-01-13 |
Updated: | 2017-08-17 |
Summary: | Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): None Integrity (I): Low Availibility (A): None |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None | 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None | 4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None |
|
Vulnerability Type: | CWE-79
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2010-1104
Source: CCN Type: Freshmeat Web Site Version 3.3.4 of Plone CMS
Source: CCN Type: Plone Web site Plone
Source: CCN Type: RHSA-2012-0151 Moderate: conga security, bug fix, and enhancement update
Source: CCN Type: SA38007 Zope "standard_error_message" Cross-Site Scripting Vulnerability
Source: SECUNIA Type: Vendor Advisory 38007
Source: CCN Type: SA38334 Plone Error Page Cross-Site Scripting Vulnerability
Source: OSVDB Type: UNKNOWN 61655
Source: CCN Type: OSVDB ID: 61655 Zope standard_error_message Template XSS
Source: BID Type: UNKNOWN 37765
Source: CCN Type: BID-37765 Zope 'standard_error_message' Cross-Site Scripting Vulnerability
Source: VUPEN Type: Patch, Vendor Advisory ADV-2010-0104
Source: XF Type: UNKNOWN zope-standarderrormessage-xss(55599)
Source: XF Type: UNKNOWN zope-standarderrormessage-xss(55599)
Source: CCN Type: Zope-Annce January 2010 New Zope2 releases available
Source: MLIST Type: Patch, Vendor Advisory [zope-announce] 20100112 New Zope2 releases available
|
Vulnerable Configuration: | Configuration 1: cpe:/a:zope:zope:2.8:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.0:-:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.0-a1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.0-a2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.0-b1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.0-b2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.0-final:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.1:-:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.1-b1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.1-final:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.3:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.4:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.5:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.6:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.7:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.8:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.9:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.9.1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.10:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.8.11:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.0:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.0-b1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.0-b2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.3:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.4:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.5:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.6:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.7:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.8:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.9:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.10:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.9.11:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.0-b1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.0-b2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.0-c1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.0-final:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.2:-:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.2-b1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.2-final:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.3:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.3-final:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.4-final:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.5:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.6:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.7:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.8:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.9:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.10:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.10.11:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.0:-:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.0a1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.0b1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.0c1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.2:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.3:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.4:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.11.5:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.12.0:-:*:*:*:*:*:*OR cpe:/a:zope:zope:2.12.1:*:*:*:*:*:*:*OR cpe:/a:zope:zope:2.12.2:*:*:*:*:*:*:* Configuration RedHat 1: cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:* Configuration CCN 1: cpe:/a:zope:zope:2.8:*:*:*:*:*:*:*AND cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*OR cpe:/a:plone:plone:3.3.3:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |