Reflexive XSS in Zope
Versions affected
- 4.3.2
- 4.3.1
- 4.3
- 4.2.7
- 4.2.6
- 4.2.5
- 4.2.4
- 4.2.3
- 4.2.2
- 4.2.1
- 4.2
- 4.1.6
- 4.1.5
- 4.1.4
- 4.1.3
- 4.1.2
- 4.1.1
- 4.1
- 4.0.10
- 4.0.9
- 4.0.8
- 4.0.7
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0
- 3.3.6
- 3.3.5
- 3.3.4
- 3.3.3
- 3.3.2
- 3.3.1
- 3.3
Vulnerability
Zope's session infrastructure includes a method for encoding URLs, and this method is accessible through the web. By passing HTML into this method, a reflexive XSS attack can be achieved.
Fixed in:
https://github.com/zopefoundation/Zope/commit/90360c444fae8fd2b8b7d3250743d4bbb2f82baf
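The pattern described above, as an added example that is not Zope's code and not the code from the linked commit: a URL-encoding helper whose return value is published directly as an HTML response, next to a hardened form. All names (`encode_url`, `render_unsafe`, `render_safe`, `TOKEN_KEY`) and the sample input are hypothetical.

```python
import html
from urllib.parse import urlsplit

# Hypothetical parameter name for the session token; not Zope's.
TOKEN_KEY = "_sid"


def encode_url(url, token):
    """Append the session token to the URL as a query parameter."""
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}{TOKEN_KEY}={token}"


def render_unsafe(url, token):
    """Vulnerable pattern: the helper is reachable from the web and its
    return value, built from caller-supplied input, is served as HTML."""
    return "text/html", encode_url(url, token)


def render_safe(url, token):
    """Hardened form: accept only absolute http(s) URLs and HTML-escape
    the result before it reaches an HTML response."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("not an absolute http(s) URL")
    return "text/html", html.escape(encode_url(url, token), quote=True)


# Constructed input: a URL argument carrying markup.
SAMPLE = 'http://example.org/"><b>injected</b>'

if __name__ == "__main__":
    print(render_unsafe(SAMPLE, "abc123")[1])  # markup reflected verbatim
    print(render_safe(SAMPLE, "abc123")[1])    # markup neutralised
```

Escaping covers the case where the helper must stay reachable; where it is only needed by templates and application code, not publishing it through the web removes the reflection point entirely.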
Current status
Patched
Credits
Discovered by
- Richard Mitchell, of the Plone Security Team
Fixed by
- Matthew Wilkes, of the Zope Security Team
Coordinated by
- Plone Security Team