Home > Vulnerability Database > CVE-2023-44389

Mend.io Vulnerability Database

CVE-2023-44389

Good to know:

Date: October 4, 2023

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

Language: Python

Severity Score

3.1

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-44389

Url: https://github.com/zopefoundation/Zope

Url: https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2023-193.yaml

Url: https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d

Url: https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh

Url: https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a

Url: https://www.mend.io/vulnerability-database/CVE-2023-44389

Severity Score

3.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version Zope - 4.8.11, 5.8.6

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-44389

Good to know:

Date: October 4, 2023

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?