Description
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.