PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
CVSS Score
4.0
EPSS Score
0.112
Published
2008-11-17
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
CVSS Score
4.3
EPSS Score
0.007
Published
2007-03-22
Page 2