4 matches found
GHSA-HC5C-R8M5-2GFH plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Impact There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Impact There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...
CVE-2023-42458
CVE-2023-42458 affects the Zope web application server. A stored cross-site scripting (XSS) vulnerability exists for SVG images in versions prior to 4.8.10 and 5.8.5. An attacker would need to upload an image and lure a user to click a crafted link to trigger the vulnerability; however, an image ...
CVE-2023-42458 Zope vulnerable to Stored Cross Site Scripting with SVG images
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the...