Lucene search
Veracode Vulnerability DatabaseVERACODE:43357HistorySep 22, 2023 - 10:03 a.m.
Cross Site Scripting
2023-09-2210:03:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
zope
cross site scripting
image.py
svg
browser
vulnerability
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
43.6%
zope is vulnerable to Cross Site Scripting . The vulnerability is due to Image.py as there is no prevention for the inline display of potentially risky SVG file types in the browser.
Related
cvelist
cvelist
nvd
nvd
CVE-2023-42458
2023-09-21 17:15:22
github
github
Zope vulnerable to Stored Cross Site Scripting with SVG images
2023-09-21 17:04:09
prion
prion
Cross site scripting
2023-09-21 17:15:00
openvas
openvas
Zope XSS Vulnerability (GHSA-wm8q-9975-xh5v)
2023-10-06 00:00:00
osv
osv
CVE-2023-42458
2023-09-21 17:15:22
Zope vulnerable to Stored Cross Site Scripting with SVG images
2023-09-21 17:04:09
cve
cve
CVE-2023-42458
2023-09-21 17:15:22
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
43.6%
Related for VERACODE:43357