| CVE-2012-5489 | medium | — | 6.5 | | | | 12y ago | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to g… |
| CVE-2012-5486 | medium | — | 6.4 | | | | 8y ago | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. |
| CVE-2009-5145 | medium | 6.1 | 6.1 | | | | 4y ago | Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. |
| CVE-2012-6661 | medium | — | 5.0 | | | | 8y ago | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via … |
| CVE-2012-5507 | medium | — | 4.3 | | | | 8y ago | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… |
| CVE-2010-1104 | medium | — | 4.3 | | | | 16y ago | Moderate severity vulnerability that affects Zope2 |