VDB
KO

PYSEC-2026-765

Moderate severity vulnerability that affects Zope2

Details

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / zope2
Introduced in: 2.8.0 Fixed in: 2.8.12
Fix pip install --upgrade 'zope2>=2.8.12'

References