
GHSA-v7q8-wvvh-c97p

Moderate severity vulnerability that affects Zope2

Details

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Affected packages

PyPI / zope2
  Introduced in: 2.8.0
  Fixed in: 2.8.12
  Fix: pip install --upgrade 'zope2>=2.8.12'

PyPI / zope2
  Introduced in: 2.9.0
  Fixed in: 2.9.12
  Fix: pip install --upgrade 'zope2>=2.9.12'

PyPI / zope2
  Introduced in: 2.10.0
  Fixed in: 2.10.11
  Fix: pip install --upgrade 'zope2>=2.10.11'

PyPI / zope2
  Introduced in: 2.11.0
  Fixed in: 2.11.6
  Fix: pip install --upgrade 'zope2>=2.11.6'

PyPI / zope2
  Introduced in: 2.12.0
  Fixed in: 2.12.3
  Fix: pip install --upgrade 'zope2>=2.12.3'
