PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
CVSS Score
4.0
EPSS Score
0.112
Published
2008-11-17
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
CVSS Score
7.5
EPSS Score
0.006
Published
2002-07-23
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-04-22