GCVE - cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*

part: a version: 2.12.0 update: *

Vendor	Zope (`400d8950-2847-5748-8fcd-7612c2170a9a`)
Product	Zope (`0a3941f2-1c45-5687-af62-1666d59c833f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/zopefoundation/zope`	purl2cpe	2026-06-01 10:18:07.069320
`pkg:pypi/zope`	purl2cpe	2026-06-01 10:18:07.069321
`pkg:sourceforge/zope`	purl2cpe	2026-06-01 10:18:07.069322

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-3587`	vulnerable	2026-06-08 04:59:26.482003	Details available Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. Published: 2011-10-10T10:00:00.000Z Updated: 2024-08-06T23:37:48.380Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=742297 http://secunia.com/advisories/46221 http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 http://secunia.com/advisories/46323 http://plone.org/products/plone/security/advisories/20110928	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2528`	vulnerable	2026-06-08 04:58:07.455188	Details available Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. Published: 2011-07-19T20:00:00.000Z Updated: 2024-08-06T23:08:21.987Z Open on db.gcve.eu Reference links http://secunia.com/advisories/45056 http://plone.org/products/plone/security/advisories/20110622 https://bugzilla.redhat.com/show_bug.cgi?id=718824 http://www.openwall.com/lists/oss-security/2011/07/12/9 https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1104`	vulnerable	2026-06-08 04:54:05.216455	Details available Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. Published: 2010-03-25T17:00:00.000Z Updated: 2024-08-07T01:14:06.107Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2010/0104 http://www.securityfocus.com/bid/37765 http://www.osvdb.org/61655 https://exchange.xforce.ibmcloud.com/vulnerabilities/55599 https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-5145`	vulnerable	2026-06-08 04:51:52.174062	Details available Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. Published: 2017-08-07T17:00:00.000Z Updated: 2024-08-07T07:32:22.382Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/zope2/+bug/490514 http://www.securityfocus.com/bid/72792/info http://www.openwall.com/lists/oss-security/2015/03/02/7 http://cve.killedkenny.io/cve/CVE-2009-5145 https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.