CVE-2023-44389 - CERT CVE
ID CVE-2023-44389
Sažetak Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
Reference
CVSS
Base: 4.8
Impact: 2.7
Exploitability:1.7
Pristup
VektorSloženostAutentikacija
NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Zadnje važnije ažuriranje 01-02-2024 - 00:50
Objavljeno 04-10-2023 - 21:15