
Zopefoundation Zope vulnerabilities

5 known vulnerabilities affecting zopefoundation/zope.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2021-32633 | P3 | HIGH | CVSS 8.8 | CWE-22 | fixed in 4.6; affected >= 5.0, < 5.2 | published 2021-05-21
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templat
Source: NVD
CVE-2021-32674 | P3 | HIGH | CVSS 8.8 | CWE-22 | fixed in 4.6.1; affected >= 5.0.0, < 5.2.1 | published 2021-06-08
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example i
Source: NVD
CVE-2021-32811 | P3 | HIGH | CVSS 7.2 | CWE-915 | affected >= 4.0, < 4.6.3 and >= 5.0, < 5.3 | published 2021-08-02
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By defaul
Source: NVD
CVE-2023-42458 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.8.10; affected >= 5.0.0, < 5.8.5 | published 2023-09-21
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image,
Source: NVD
CVE-2023-44389 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | affected >= 4.0.0, < 4.8.11 and >= 5.0.0, < 5.8.6 | published 2023-10-04
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
Source: NVD
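The affected ranges above use two encodings: a bare "fixed in X" (no lower bound) and an explicit ">= X, < Y" window. The following Python script, added here as an example and not code from cvebase or the Zope project, turns that table into an offline check of an installed Zope version. The range table is copied from the entries on this page; the `addons` argument (the set of installed add-on distributions, used to flag CVE-2021-32811's dependency on `Products.PythonScripts`) and the simplified pre-release handling are assumptions of this example, not part of Zope's own tooling.

```python
"""Added example: match a Zope version against the affected ranges on this
page. Not Zope's or cvebase's code. The version parser is a deliberate
simplification of PEP 440 (numeric components plus a pre-release flag),
not a full implementation."""
from __future__ import annotations

import re
from dataclasses import dataclass
from importlib import metadata

# (lower_inclusive_or_None, upper_exclusive), copied from the page. None
# mirrors a bare "fixed in X", which states no lower bound.
ADVISORIES: dict[str, list[tuple[str | None, str]]] = {
    "CVE-2021-32633": [(None, "4.6"), ("5.0", "5.2")],
    "CVE-2021-32674": [(None, "4.6.1"), ("5.0.0", "5.2.1")],
    "CVE-2021-32811": [("4.0", "4.6.3"), ("5.0", "5.3")],
    "CVE-2023-42458": [(None, "4.8.10"), ("5.0.0", "5.8.5")],
    "CVE-2023-44389": [("4.0.0", "4.8.11"), ("5.0.0", "5.8.6")],
}

# Per the advisory text, CVE-2021-32811 needs this optional add-on installed.
REQUIRES_ADDON = {"CVE-2021-32811": "Products.PythonScripts"}


def parse_version(text: str) -> tuple[int, ...]:
    """'4.8.10' -> (4, 8, 10, 0, 0). The last slot is -1 for a pre-release
    ('5.8.5rc1', '5.8.5.dev0'), so a candidate build sorts below the release
    that fixes the bug and is still reported as affected. Padding to four
    numeric slots makes '4.6' and '4.6.0' compare equal."""
    nums: list[int] = []
    prerelease = False
    for piece in text.strip().split("."):
        m = re.match(r"(\d+)(.*)", piece)
        if not m:                 # e.g. the 'dev0' in '5.8.5.dev0'
            prerelease = True
            break
        nums.append(int(m.group(1)))
        if m.group(2):            # e.g. the 'rc1' in '5.8.5rc1'
            prerelease = True
            break
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    nums = (nums + [0, 0, 0, 0])[:4]
    return tuple(nums) + ((-1,) if prerelease else (0,))


@dataclass(frozen=True)
class Finding:
    cve: str
    affected_range: str
    note: str = ""


def affected(version: str, addons: frozenset[str] = frozenset()) -> list[Finding]:
    """Return the page's CVEs whose ranges contain `version`. `addons` is the
    set of installed add-on distribution names (assumed input); a finding the
    advisory makes conditional on an add-on is annotated when it is absent."""
    v = parse_version(version)
    findings: list[Finding] = []
    for cve, ranges in ADVISORIES.items():
        for low, high in ranges:
            if low is not None and v < parse_version(low):
                continue
            if v >= parse_version(high):
                continue
            addon = REQUIRES_ADDON.get(cve)
            note = "" if addon is None or addon in addons else f"only with {addon} installed"
            span = f"< {high}" if low is None else f">= {low}, < {high}"
            findings.append(Finding(cve, span, note))
            break  # one matching range is enough
    return findings


def installed_zope_version() -> str | None:
    """Version of the Zope distribution in the current environment, if any."""
    try:
        return metadata.version("Zope")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed fallback so the demo runs where Zope is not installed.
    ver = installed_zope_version() or "5.8.4"
    for f in affected(ver):
        print(f"{ver}: {f.cve} (affected {f.affected_range}) {f.note}".rstrip())
```

Run it inside the virtualenv that serves Zope so `importlib.metadata` sees the real distribution; pass `affected(ver, frozenset(d.metadata["Name"] for d in metadata.distributions()))` if you want the `Products.PythonScripts` condition resolved automatically rather than annotated.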