Reflexive XSS in Zope
Reflexive XSS in Zope
Versions affected
- 4.3.2
- 4.3.1
- 4.3
- 4.2.7
- 4.2.6
- 4.2.5
- 4.2.4
- 4.2.3
- 4.2.2
- 4.2.1
- 4.2
- 4.1.6
- 4.1.5
- 4.1.4
- 4.1.3
- 4.1.2
- 4.1.1
- 4.1
- 4.0.10
- 4.0.9
- 4.0.8
- 4.0.7
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0
- 3.3.6
- 3.3.5
- 3.3.4
- 3.3.3
- 3.3.2
- 3.3.1
- 3.3
Vulnerability
A reflexive XSS vulnerability in Zope that allows arbitrary HTML to be included following an Image tag. This is only possible if Zope image objects have been added to the instance and their path is known. Plone image objects are unaffected.
Fixed in:
https://github.com/zopefoundation/Zope/commit/85d2a5f1e6f46c40d32b832a4dca111074a9484b
Current status
Patched
Credits
Discovered by
- Richard Mitchell, of the Plone Security Team
Fixed by
- Matthew Wilkes, of the Zope Security Team
Coordinated by
- Plone Security Team