Reflexive XSS in Zope

Versions affected

4.3.2
4.3.1
4.3
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.10
4.0.9
4.0.8
4.0.7
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3

Vulnerability

A reflexive XSS vulnerability in Zope that allows arbitrary HTML to be included following an Image tag. This is only possible if Zope image objects have been added to the instance and their path is known. Plone image objects are unaffected. Fixed in: https://github.com/zopefoundation/Zope/commit/85d2a5f1e6f46c40d32b832a4dca111074a9484b

Current status

Patched

Credits

Discovered by

Richard Mitchell, of the Plone Security Team

Fixed by

Matthew Wilkes, of the Zope Security Team

Coordinated by

Plone Security Team

Contact

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2013-7062

Type

XSS

Severity

4.3 – medium
Vector	Network
Complexity	Medium
Authentication	None
Confidentiality	None
Integrity	Partial
Availability	None

Timeline

Vulnerability reported: 2013-01-23
Hotfix released: 2013-12-10