| Test ID: | 1.3.6.1.4.1.25623.1.0.100455 |
| Category: | Web Servers |
| Title: | Zope 'standard_error_message' Cross-Site Scripting Vulnerability |
| Summary: | Determine the Zope version |
| Description: | Overview: Zope is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The issue affects versions prior to Zope 2.12.3, 2.11.6, 2.10.11, 2.9.12, and 2.8.12. Solution: The vendor has released updates. Please see the references for details. References: http://www.securityfocus.com/bid/37765 https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html http://www.zope.org |
| Cross-Ref: | BugTraq ID: 37765; Common Vulnerability Exposure (CVE) ID: CVE-2010-1104; https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html; http://www.securityfocus.com/bid/37765; http://www.osvdb.org/61655; http://secunia.com/advisories/38007; http://www.vupen.com/english/advisories/2010/0104; XForce ISS Database: zope-standarderrormessage-xss(55599), http://xforce.iss.net/xforce/xfdb/55599 |
| Copyright | This script is Copyright (C) 2010 Greenbone Networks GmbH |