Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-44389

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

Published

2023-10-04T21:15:10.360

Last Modified

2024-11-21T08:25:48.073

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zope	zope	< 4.8.11	Yes
Application	zope	zope	< 5.8.6	Yes

References

https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a Patch ([email protected])
https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d Patch ([email protected])
https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh Vendor Advisory ([email protected])
https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)