Reflexive XSS in Zope

Versions affected

4.3.2
4.3.1
4.3
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.10
4.0.9
4.0.8
4.0.7
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3

Vulnerability

Zope's session infrastructure includes a method for encoding URLs, which is accessible through the web. By passing HTML into this method a reflexive XSS attack can be achieved. Fixed in: https://github.com/zopefoundation/Zope/commit/90360c444fae8fd2b8b7d3250743d4bbb2f82baf

Current status

Patched

Credits

Discovered by

Richard Mitchell, of the Plone Security Team

Fixed by

Matthew Wilkes, of the Zope Security Team

Coordinated by

Plone Security Team

Contact

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2013-7062

Type

XSS

Severity

4.3 – medium
Vector	Network
Complexity	Medium
Authentication	None
Confidentiality	None
Integrity	Partial
Availability	None

Timeline

Vulnerability reported: 2013-01-23
Hotfix released: 2013-12-10