Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44389)

Description

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

Remediation

References

Related Vulnerabilities

SharePoint CVE-2023-33159 Vulnerability (CVE-2023-33159)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-26070)

XWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-32729)

PostgreSQL CVE-2023-5868 Vulnerability (CVE-2023-5868)

WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)

Severity

Medium

Classification

CVE-2023-44389 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities