| purl | pkg:pypi/zope2@2.9.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-kmk8-jqhn-tuee (Aliases: CVE-2010-1104, GHSA-v7q8-wvvh-c97p) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Cross-site scripting (XSS) vulnerability in Zope allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-w2pe-bdy4-9ffb (Aliases: CVE-2006-3458, GHSA-jcjp-qqpq-pc54, PYSEC-2006-7) | Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:42:15.312578+00:00 | GitLab Importer | Affected by | VCID-w2pe-bdy4-9ffb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2006-3458.yml | 38.6.0 |
| 2026-06-02T04:38:04.863831+00:00 | GitLab Importer | Affected by | VCID-kmk8-jqhn-tuee | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2010-1104.yml | 38.6.0 |