4.3

CVSS Score

Basic Information

CVE ID

CVE-2010-1104

GHSA ID

GHSA-v7q8-wvvh-c97p

EPSS Score

0.62414%

CWE

CWE-79

Published

7/23/2018

Updated

1/9/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2010-1104

CVE-2010-1104: Moderate severity vulnerability that affects Zope2

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

(GitHub Advisory)

4.3

CVSS Score

Basic Information

CVE ID

CVE-2010-1104

GHSA ID

GHSA-v7q8-wvvh-c97p

EPSS Score

0.62414%

CWE

CWE-79

Published

7/23/2018

Updated

1/9/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Zope2	pip	>= 2.8.0, < 2.8.12	2.8.12
Zope2	pip	>= 2.9.0, < 2.9.12	2.9.12
Zope2	pip	>= 2.10.0, < 2.10.11	2.10.11
Zope2	pip	>= 2.11.0, < 2.11.6	2.11.6
Zope2	pip	>= 2.12.0, < 2.12.3	2.12.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The Zope announcement explicitly references a broken 'standard_error_message' template as the attack vector. This template handles error display and would be responsible for proper output encoding. The vulnerability manifests when: 1) This template is in a broken/insecure state, and 2) Error messages contain raw HTML markup in their string representation. The combination allows unescaped HTML/script injection into error pages. While exact code isn't available, the template name and error message handling are directly identified in primary sources as the vulnerability location.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ross-sit* s*riptin* (XSS) vuln*r**ility in Zop* *.*.x ***or* *.*.**, *.*.x ***or* *.*.**, *.**.x ***or* *.**.**, *.**.x ***or* *.**.*, *n* *.**.x ***or* *.**.* *llows r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript or *TML vi* v**tors r*l*t** to *rr

Reasoning

T** Zop* *nnoun**m*nt *xpli*itly r***r*n**s * *rok*n 'st*n**r*_*rror_m*ss***' t*mpl*t* *s t** *tt**k v**tor. T*is t*mpl*t* **n*l*s *rror *ispl*y *n* woul* ** r*sponsi*l* *or prop*r output *n*o*in*. T** vuln*r**ility m*ni**sts w**n: *) T*is t*mpl*t* i

4.3

Basic Information

Concerned about an active attack path?

CVE-2010-1104: Moderate severity vulnerability that affects Zope2

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI