製品・ソフトウェアに関する情報

JVN脆弱性詳細

Zope におけるクロスサイトスクリプティングの脆弱性

Title	Zope におけるクロスサイトスクリプティングの脆弱性
Summary	Zope には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 25, 2010, midnight
Registration Date	April 9, 2010, 4:21 p.m.
Last Update	April 9, 2010, 4:21 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

Zope Foundation

Zope 2.10.11 未満

Zope 2.11.6 未満

Zope 2.12.3 未満

Zope 2.8.12 未満

Zope 2.9.12 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-1104	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1104
National Vulnerability Database (NVD)
2	CVE-2010-1104	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1104

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Zope
1	2010-January_002229	https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

その他

No	Name	URL
ISS X-Force Database
1	55599	http://xforce.iss.net/xforce/xfdb/55599
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
2	61655	http://osvdb.org/61655
Secunia Advisory
3	SA38007	http://secunia.com/advisories/38007/
SecurityFocus
4	37765	http://www.securityfocus.com/bid/37765
VUPEN Security
5	VUPEN/ADV-2010-0104	http://www.vupen.com/english/advisories/2010/0104

Change Log

No	Changed Details	Date of change
0	[2010年04月09日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-1104

Summary	Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
Publication Date	March 26, 2010, 2:30 a.m.
Registration Date	Jan. 29, 2021, 10:58 a.m.
Last Update	Aug. 17, 2017, 10:32 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:zope:zope:2.8:::::::*
cpe:2.3:a:zope:zope:2.8.0:::::::*
cpe:2.3:a:zope:zope:2.8.0-a1:::::::*
cpe:2.3:a:zope:zope:2.8.0-a2:::::::*
cpe:2.3:a:zope:zope:2.8.0-b1:::::::*
cpe:2.3:a:zope:zope:2.8.0-b2:::::::*
cpe:2.3:a:zope:zope:2.8.0-final:::::::*
cpe:2.3:a:zope:zope:2.8.1:::::::*
cpe:2.3:a:zope:zope:2.8.1-b1:::::::*
cpe:2.3:a:zope:zope:2.8.1-final:::::::*
cpe:2.3:a:zope:zope:2.8.2:::::::*
cpe:2.3:a:zope:zope:2.8.3:::::::*
cpe:2.3:a:zope:zope:2.8.4:::::::*
cpe:2.3:a:zope:zope:2.8.5:::::::*
cpe:2.3:a:zope:zope:2.8.6:::::::*
cpe:2.3:a:zope:zope:2.8.7:::::::*
cpe:2.3:a:zope:zope:2.8.8:::::::*
cpe:2.3:a:zope:zope:2.8.9:::::::*
cpe:2.3:a:zope:zope:2.8.9.1:::::::*
cpe:2.3:a:zope:zope:2.8.10:::::::*
cpe:2.3:a:zope:zope:2.8.11:::::::*
cpe:2.3:a:zope:zope:2.9.0:::::::*
cpe:2.3:a:zope:zope:2.9.0-b1:::::::*
cpe:2.3:a:zope:zope:2.9.0-b2:::::::*
cpe:2.3:a:zope:zope:2.9.1:::::::*
cpe:2.3:a:zope:zope:2.9.2:::::::*
cpe:2.3:a:zope:zope:2.9.3:::::::*
cpe:2.3:a:zope:zope:2.9.4:::::::*
cpe:2.3:a:zope:zope:2.9.5:::::::*
cpe:2.3:a:zope:zope:2.9.6:::::::*
cpe:2.3:a:zope:zope:2.9.7:::::::*
cpe:2.3:a:zope:zope:2.9.8:::::::*
cpe:2.3:a:zope:zope:2.9.9:::::::*
cpe:2.3:a:zope:zope:2.9.10:::::::*
cpe:2.3:a:zope:zope:2.9.11:::::::*
cpe:2.3:a:zope:zope:2.10.0-b1:::::::*
cpe:2.3:a:zope:zope:2.10.0-b2:::::::*
cpe:2.3:a:zope:zope:2.10.0-c1:::::::*
cpe:2.3:a:zope:zope:2.10.0-final:::::::*
cpe:2.3:a:zope:zope:2.10.2:::::::*
cpe:2.3:a:zope:zope:2.10.2-b1:::::::*
cpe:2.3:a:zope:zope:2.10.2-final:::::::*
cpe:2.3:a:zope:zope:2.10.3:::::::*
cpe:2.3:a:zope:zope:2.10.3-final:::::::*
cpe:2.3:a:zope:zope:2.10.4-final:::::::*
cpe:2.3:a:zope:zope:2.10.5:::::::*
cpe:2.3:a:zope:zope:2.10.6:::::::*
cpe:2.3:a:zope:zope:2.10.7:::::::*
cpe:2.3:a:zope:zope:2.10.8:::::::*
cpe:2.3:a:zope:zope:2.10.9:::::::*
cpe:2.3:a:zope:zope:2.10.10:::::::*
cpe:2.3:a:zope:zope:2.10.11:::::::*
cpe:2.3:a:zope:zope:2.11.0:::::::*
cpe:2.3:a:zope:zope:2.11.0a1:::::::*
cpe:2.3:a:zope:zope:2.11.0b1:::::::*
cpe:2.3:a:zope:zope:2.11.0c1:::::::*
cpe:2.3:a:zope:zope:2.11.1:::::::*
cpe:2.3:a:zope:zope:2.11.2:::::::*
cpe:2.3:a:zope:zope:2.11.3:::::::*
cpe:2.3:a:zope:zope:2.11.4:::::::*
cpe:2.3:a:zope:zope:2.11.5:::::::*
cpe:2.3:a:zope:zope:2.12.0:::::::*
cpe:2.3:a:zope:zope:2.12.1:::::::*
cpe:2.3:a:zope:zope:2.12.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/38007	SECUNIA	Vendor Advisory
2	http://www.osvdb.org/61655	OSVDB
3	http://www.securityfocus.com/bid/37765	BID
4	http://www.vupen.com/english/advisories/2010/0104	VUPEN	Patch Vendor Advisory
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/55599	XF
6	https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html	MLIST	Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:zope:zope:2.8:::::::*
cpe:2.3:a:zope:zope:2.8.0:::::::*
cpe:2.3:a:zope:zope:2.8.0-a1:::::::*
cpe:2.3:a:zope:zope:2.8.0-a2:::::::*
cpe:2.3:a:zope:zope:2.8.0-b1:::::::*
cpe:2.3:a:zope:zope:2.8.0-b2:::::::*
cpe:2.3:a:zope:zope:2.8.0-final:::::::*
cpe:2.3:a:zope:zope:2.8.1:::::::*
cpe:2.3:a:zope:zope:2.8.1-b1:::::::*
cpe:2.3:a:zope:zope:2.8.1-final:::::::*
cpe:2.3:a:zope:zope:2.8.2:::::::*
cpe:2.3:a:zope:zope:2.8.3:::::::*
cpe:2.3:a:zope:zope:2.8.4:::::::*
cpe:2.3:a:zope:zope:2.8.5:::::::*
cpe:2.3:a:zope:zope:2.8.6:::::::*
cpe:2.3:a:zope:zope:2.8.7:::::::*
cpe:2.3:a:zope:zope:2.8.8:::::::*
cpe:2.3:a:zope:zope:2.8.9:::::::*
cpe:2.3:a:zope:zope:2.8.9.1:::::::*
cpe:2.3:a:zope:zope:2.8.10:::::::*
cpe:2.3:a:zope:zope:2.8.11:::::::*
cpe:2.3:a:zope:zope:2.9.0:::::::*
cpe:2.3:a:zope:zope:2.9.0-b1:::::::*
cpe:2.3:a:zope:zope:2.9.0-b2:::::::*
cpe:2.3:a:zope:zope:2.9.1:::::::*
cpe:2.3:a:zope:zope:2.9.2:::::::*
cpe:2.3:a:zope:zope:2.9.3:::::::*
cpe:2.3:a:zope:zope:2.9.4:::::::*
cpe:2.3:a:zope:zope:2.9.5:::::::*
cpe:2.3:a:zope:zope:2.9.6:::::::*
cpe:2.3:a:zope:zope:2.9.7:::::::*
cpe:2.3:a:zope:zope:2.9.8:::::::*
cpe:2.3:a:zope:zope:2.9.9:::::::*
cpe:2.3:a:zope:zope:2.9.10:::::::*
cpe:2.3:a:zope:zope:2.9.11:::::::*
cpe:2.3:a:zope:zope:2.10.0-b1:::::::*
cpe:2.3:a:zope:zope:2.10.0-b2:::::::*
cpe:2.3:a:zope:zope:2.10.0-c1:::::::*
cpe:2.3:a:zope:zope:2.10.0-final:::::::*
cpe:2.3:a:zope:zope:2.10.2:::::::*
cpe:2.3:a:zope:zope:2.10.2-b1:::::::*
cpe:2.3:a:zope:zope:2.10.2-final:::::::*
cpe:2.3:a:zope:zope:2.10.3:::::::*
cpe:2.3:a:zope:zope:2.10.3-final:::::::*
cpe:2.3:a:zope:zope:2.10.4-final:::::::*
cpe:2.3:a:zope:zope:2.10.5:::::::*
cpe:2.3:a:zope:zope:2.10.6:::::::*
cpe:2.3:a:zope:zope:2.10.7:::::::*
cpe:2.3:a:zope:zope:2.10.8:::::::*
cpe:2.3:a:zope:zope:2.10.9:::::::*
cpe:2.3:a:zope:zope:2.10.10:::::::*
cpe:2.3:a:zope:zope:2.10.11:::::::*
cpe:2.3:a:zope:zope:2.11.0:::::::*
cpe:2.3:a:zope:zope:2.11.0a1:::::::*
cpe:2.3:a:zope:zope:2.11.0b1:::::::*
cpe:2.3:a:zope:zope:2.11.0c1:::::::*
cpe:2.3:a:zope:zope:2.11.1:::::::*
cpe:2.3:a:zope:zope:2.11.2:::::::*
cpe:2.3:a:zope:zope:2.11.3:::::::*
cpe:2.3:a:zope:zope:2.11.4:::::::*
cpe:2.3:a:zope:zope:2.11.5:::::::*
cpe:2.3:a:zope:zope:2.12.0:::::::*
cpe:2.3:a:zope:zope:2.12.1:::::::*
cpe:2.3:a:zope:zope:2.12.2:::::::*