[Zope-Annce] Hotfix for cross-site scripting vulnerability

[Martijn Pieters]

On 3/20/07, Martijn Pieters <mj at zopatista.com> wrote:
> A vulnerability has been discovered in Zope, where by certain types of
> misuse of HTTP GET, an attacker could gain elevated privileges. All
> Zope versions up to and including 2.10.2 are affected.

This hotfix has been assigned a CVE:

  CVE-2007-0240
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240

-- 
Martijn Pieters