Test ID: | 1.3.6.1.4.1.25623.1.0.151105 |
Category: | Web Servers |
Title: | Zope XSS Vulnerability (GHSA-wm8q-9975-xh5v) |
Summary: | Zope is prone to a cross-site scripting (XSS) vulnerability with SVG images. |
Description: | Summary: Zope is prone to a cross-site scripting (XSS) vulnerability with SVG images.
Vulnerability Insight: There is a stored cross-site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link.
Affected Software/OS: Zope version 4.8.9 and prior and version 5.x through 5.8.4.
Solution: Update to version 4.8.10, 5.8.5 or later.
CVSS Score: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N |
Cross-Ref: | Common Vulnerability Exposure (CVE) ID: CVE-2023-42458
https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088
https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb
https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v
http://www.openwall.com/lists/oss-security/2023/09/22/2 |
Copyright | Copyright (C) 2023 Greenbone AG |