CVE Database · CVE-2023-44389
CVSS v3.1
3.1
EPSS
0.40%
Published
Oct 4, 2023
Modified
Nov 21, 2024
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:NWeaknesses (CWE)
References (6)