5 matches found

Cvelist
added 2023/10/04 8:7 p.m. | 14 views

CVE-2023-44389 Zope management interface vulnerable to stored cross site scripting via the title property

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...

3.1 CVSS | 5.4 AI score | 0.00404 EPSS
Exploits 0 | References 3
Github Security Blog
added 2023/09/21 5:16 p.m. | 31 views

plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

Impact: There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...

5.4 CVSS | 6.3 AI score | 0.00599 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2023/09/21 5:16 p.m. | 23 views

GHSA-HC5C-R8M5-2GFH plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

Impact: There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...

3.7 CVSS | 4.8 AI score
Exploits 0 | References 4
OpenVAS
added 2021/08/04 12:0 a.m. | 13 views

Zope RCE Vulnerability (GHSA-g4gq-j4p2-j8fr)

Zope is prone to a remote code execution (RCE) vulnerability via Script Python objects under Python 3. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.5 CVSS | 7.8 AI score | 0.02277 EPSS
Exploits 0 | References 1
CVE
added 2021/08/02 9:55 p.m. | 79 views

CVE-2021-32811

Zope CVE-2021-32811 affects Zope 4.x prior to 4.6.3 and Zope 5.x prior to 5.3 when running Python 3 and with the optional Products.PythonScripts add-on installed. The vulnerability enables remote code execution via Script (Python) objects unless the Zope Manager role is not granted or scripting e...

7.5 CVSS | 7.3 AI score | 0.02277 EPSS
Exploits 0 | References 3 | Affected Software 2