You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Hotfix-2007-03-20

Log in




This hotfix corrects a cross-site scripting vulnerability in Zope2, where an attacker can use a hidden GET request to leverage a authenticated user's credentials to alter security settings and/or user accounts.

Up one level

 Title   Type   Size   Last Modified   Description 
Hotfix-20070320 Software Release   2007-03-25  
CVE-2007-0240: Hotfix for cross-site scripting vulnerability News Item 1 K 2007-03-21

A vulnerability has been discovered in Zope, where by certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected.