CVE-2011-4924
Zope XSS Vulnerability
6.1
MEDIUM
CVSS 3.1
EPSS 0.99%
Description
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104
How to fix CVE-2011-4924
To remediate CVE-2011-4924, upgrade the affected package to a fixed version below.
- —upgrade to 3.7.3 or later
- —upgrade to 2.12.22 or later
Is CVE-2011-4924 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 3.1.1, < 3.7.3
- from 0, < 2.12.22
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |