GCVE - cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*

part: a version: 2.8.7 update: *

Vendor	Zope (`400d8950-2847-5748-8fcd-7612c2170a9a`)
Product	Zope (`0a3941f2-1c45-5687-af62-1666d59c833f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/zopefoundation/zope`	purl2cpe	2026-06-01 10:18:07.270980
`pkg:pypi/zope`	purl2cpe	2026-06-01 10:18:07.270982
`pkg:sourceforge/zope`	purl2cpe	2026-06-01 10:18:07.270983

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-1104`	vulnerable	2026-06-08 04:54:05.176952	Details available Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. Published: 2010-03-25T17:00:00.000Z Updated: 2024-08-07T01:14:06.107Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2010/0104 http://www.securityfocus.com/bid/37765 http://www.osvdb.org/61655 https://exchange.xforce.ibmcloud.com/vulnerabilities/55599 https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5102`	vulnerable	2026-06-08 04:50:49.606847	Details available PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. Published: 2008-11-17T18:00:00.000Z Updated: 2024-08-07T10:40:17.174Z Open on db.gcve.eu Reference links http://mail.zope.org/pipermail/zope/2008-August/174025.html http://bugs.gentoo.org/show_bug.cgi?id=246411 https://bugs.launchpad.net/zope2/+bug/257269 http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4684`	vulnerable	2026-06-08 04:49:18.550889	Details available The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. Published: 2006-09-19T18:00:00.000Z Updated: 2024-08-07T19:23:41.180Z Open on db.gcve.eu Reference links http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html http://www.vupen.com/english/advisories/2006/3653 http://secunia.com/advisories/21953 http://www.securityfocus.com/bid/20022 http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3458`	vulnerable	2026-06-08 04:49:09.410810	Details available Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. Published: 2006-07-07T23:00:00.000Z Updated: 2024-08-07T18:30:33.592Z Open on db.gcve.eu Reference links http://secunia.com/advisories/21025 https://exchange.xforce.ibmcloud.com/vulnerabilities/27636 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt http://www.vupen.com/english/advisories/2006/2681 http://secunia.com/advisories/21130	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.