Zope using the vulnerable versions of AccessControl is vulnerable to remote code execution. Untrusted users with the Zope Manager role are allowed to add/edit and execute the malicious scripts through the web.
github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf
github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988
github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr
sca.analysiscenter.veracode.com/vulnerability-database/security/man-middle-mitm-/javascript/sid-31455