{
  "threat_severity" : "Moderate",
  "public_date" : "2010-01-13T00:00:00Z",
  "bugzilla" : {
    "description" : "zope: XSS on error page",
    "id" : "577019",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=577019"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-02-21T00:00:00Z",
    "advisory" : "RHSA-2012:0151",
    "cpe" : "cpe:/a:redhat:rhel_cluster:5",
    "package" : "conga-0:0.12.2-51.el5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "conga",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-1104\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1104" ],
  "name" : "CVE-2010-1104",
  "csaw" : false
}