Lucene search
Veracode Vulnerability DatabaseVERACODE:43831HistoryOct 16, 2023 - 7:43 a.m.
Cross-Site Scripting (XSS)
2023-10-1607:43:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
zope
xss
vulnerability
user input
script code
zope management interface
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.4%
Zope is vulnerable to Cross-site Scripting (XSS) . The vulnerability is due to improper user-input sanitization in the title property. This can allow an attacker to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI).
Related
cvelist
cvelist
github
github
prion
prion
Design/Logic Flaw
2023-10-04 21:15:00
nvd
nvd
CVE-2023-44389
2023-10-04 21:15:10
osv
osv
CVE-2023-44389
2023-10-04 21:15:10
Zope management interface vulnerable to stored cross site scripting via the title property
2023-10-04 18:50:25
PYSEC-2023-193
2023-10-04 21:15:00
openvas
openvas
Zope XSS Vulnerability (GHSA-m755-gxxg-r5qh)
2023-10-06 00:00:00
cve
cve
CVE-2023-44389
2023-10-04 21:15:10
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.4%
Related for VERACODE:43831