Description of problem: Cross-site scripting vulnerability in Zope2, where an attacker can use a hidden GET request to leverage a authenticated user's credentials to alter security settings and/or user accounts. Version-Release number of selected component (if applicable): Zope 2.8.0 - 2.8.8 Zope 2.9.0 - 2.9.6 Zope 2.10.0 - 2.10.2 How reproducible: Always Additional info: http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/README.txt
Hotfix applied
This is CVE-2007-0240