CVE-2023-44389

2023-10-0421:15:10

CWE-79

GitHub_M

web.nvd.nist.gov

zope

web application server

vulnerability

cve-2023-44389

nvd

security patch

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

24.4%

JSON

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

Affected configurations

Nvd

Vulners

Node

zopezopeRange4.0–4.8.11

zopezopeRange5.0–5.8.6

VendorProductVersionCPE
zopezope*cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zope	zope	*	cpe:2.3:a:zope:zope::::::::

CNA Affected

[
  {
    "vendor": "zopefoundation",
    "product": "Zope",
    "versions": [
      {
        "version": ">= 4.0.0, < 4.8.11",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0, < 5.8.6",
        "status": "affected"
      }
    ]
  }
]