CVE-2023-44389

Published: Oct 4, 2023

Modified: Nov 27, 2024

PUBLISHED

CVSS v3.1

3.1

LOW

Description

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

Vendor	Product	Versions
zopefoundation	Zope	affected `>= 4.0.0, < 4.8.11` affected `>= 5.0.0, < 5.8.6`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh

x_refsource_CONFIRM

https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a

x_refsource_MISC

https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-44389

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References