icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Zope 'standard_error_message' Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is hosting an application that is vulnerable to a cross-site scripting attack.

Description

The remote Zope server is vulnerable to a cross-site scripting flaw related to the 'standard_error_message' template. An attacker, exploiting this flaw, could execute arbitrary script code in a user's browser.

Solution

Upgrade to Zope 2.8.12, 2.9.12, 2.10.22, 2.11.6, 2.12.3, or later.