Vigil@nce - Zope 2: Cross Site Scripting via standard_error_message
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a Cross Site Scripting in the error
template of Zope version 2.
Severity: 2/4
Creation date: 19/01/2012
IMPACTED PRODUCTS
– Zope
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-9343 (https://vigilance.fr/tree/1/9343)
describes a Cross Site Scripting in the error template of Zope
version 2.
However, an attack variant was not corrected.
An attacker can therefore generate a Cross Site Scripting in the
error template of Zope version 2.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Zope-2-Cross-Site-Scripting-via-standard-error-message-11305