You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Hotfix-2007-03-20
Log in
Name

Password

 
Link icon Forgot your password?
Print

Hotfix-2007-03-20

This hotfix corrects a cross-site scripting vulnerability in Zope2, where an attacker can use a hidden GET request to leverage a authenticated user's credentials to alter security settings and/or user accounts.

Up one level

 Title   Type   Size   Last Modified   Description 
Hotfix-20070320 Software Release   2007-03-25  
CVE-2007-0240: Hotfix for cross-site scripting vulnerability News Item 1 K 2007-03-21

A vulnerability has been discovered in Zope, where by certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected.
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)