Test Kennung:	1.3.6.1.4.1.25623.1.0.151105
Kategorie:	Web Servers
Titel:	Zope XSS Vulnerability (GHSA-wm8q-9975-xh5v)
Zusammenfassung:	Zope is prone to a cross-site scripting (XSS) vulnerability; with SVG images.
Beschreibung:	Summary: Zope is prone to a cross-site scripting (XSS) vulnerability with SVG images. Vulnerability Insight: There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Affected Software/OS: Zope version 4.8.9 and prior and version 5.x through 5.8.4. Solution: Update to version 4.8.10, 5.8.5 or later. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-42458 https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088 https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v http://www.openwall.com/lists/oss-security/2023/09/22/2
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.