Vulnerability Description
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zope | Zope | >= 4.0, < 4.8.11 |
Related Weaknesses (CWE)
References
- https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacaPatch
- https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddPatch
- https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qhVendor Advisory
- https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacaPatch
- https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddPatch
- https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qhVendor Advisory
FAQ
What is CVE-2023-44389?
CVE-2023-44389 is a vulnerability with a CVSS score of 3.1 (LOW). Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Manag...
How severe is CVE-2023-44389?
CVE-2023-44389 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44389?
Check the references section above for vendor advisories and patch information. Affected products include: Zope Zope.