CVE-2023-44389 LOW

CVE-2023-44389: Zope management interface vulnerable to stored cross site scripting via the title property

Vendor Zopefoundation

Product Zope

Weakness CWE-79 · XSS

Published October 4, 2023

Last update November 27, 2024

View on NVD All CVEs

CVSS base score

3.1/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

Key dates

02Disclosure timeline

October 4, 2023 CVE published

November 27, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-44389

Related vulnerabilities

Identifiers

CVE CVE-2023-44389

CWE CWE-79

CVSS 3.1 / LOW

Affected versions

Vendor Zopefoundation

Product Zope

Affected >= 4.0.0, < 4.8.11

Vendor Zopefoundation

Product Zope

Affected >= 5.0.0, < 5.8.6

CVE-2023-44389: Zope management interface vulnerable to stored cross site scripting via the title property

01Description

02Disclosure timeline

03References

04Related CVE