{"id":"PYSEC-2017-148","details":"Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.","modified":"2025-10-09T05:28:01.695655Z","published":"2017-08-07T17:29:00Z","withdrawn":"2024-11-22T04:37:05Z","references":[{"type":"WEB","url":"https://security-tracker.debian.org/tracker/CVE-2009-5145/"},{"type":"FIX","url":"https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"},{"type":"WEB","url":"https://bugs.launchpad.net/zope2/+bug/490514"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/72792/info"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/03/02/7"},{"type":"WEB","url":"http://cve.killedkenny.io/cve/CVE-2009-5145"}],"affected":[{"package":{"name":"zope","ecosystem":"PyPI","purl":"pkg:pypi/zope"},"ranges":[{"type":"GIT","repo":"https://github.com/zopefoundation/Zope","events":[{"introduced":"0"},{"fixed":"2abdf14620f146857dc8e3ffd2b6a754884c331d"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.0","4.0b1","4.0b10","4.0b2","4.0b3","4.0b4","4.0b5","4.0b6","4.0b7","4.0b8","4.0b9","4.1","4.1.1","4.1.2","4.1.3","4.2","4.2.1","4.3","4.4","4.4.1","4.4.2","4.4.3","4.4.4","4.5","4.5.1","4.5.2","4.5.3","4.5.4","4.5.5","4.6","4.6.1","4.6.2","4.6.3","4.7","4.8","4.8.1","4.8.10","4.8.11","4.8.2","4.8.3","4.8.4","4.8.5","4.8.6","4.8.7","4.8.8","4.8.9","5.0","5.0a1","5.0a2","5.1","5.1.1","5.1.2","5.10","5.11","5.11.1","5.2","5.2.1","5.3","5.4","5.5","5.5.1","5.5.2","5.6","5.7","5.7.1","5.7.2","5.7.3","5.8","5.8.1","5.8.2","5.8.3","5.8.4","5.8.5","5.8.6","5.9","5.12","5.13"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/zope/PYSEC-2017-148.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}