Reflexive XSS in Zope

by matthewwilkes — published 2013/12/10 14:47:00 GMT+0, last modified 2016-08-30T16:38:27+00:00

Versions affected

  • 4.3.2
  • 4.3.1
  • 4.3
  • 4.2.7
  • 4.2.6
  • 4.2.5
  • 4.2.4
  • 4.2.3
  • 4.2.2
  • 4.2.1
  • 4.2
  • 4.1.6
  • 4.1.5
  • 4.1.4
  • 4.1.3
  • 4.1.2
  • 4.1.1
  • 4.1
  • 4.0.10
  • 4.0.9
  • 4.0.8
  • 4.0.7
  • 4.0.5
  • 4.0.4
  • 4.0.3
  • 4.0.2
  • 4.0.1
  • 4.0
  • 3.3.6
  • 3.3.5
  • 3.3.4
  • 3.3.3
  • 3.3.2
  • 3.3.1
  • 3.3

Vulnerability

A reflexive XSS vulnerability in Zope allows arbitrary HTML to be included following an Image tag. This is only possible if Zope image objects have been added to the instance and their path is known. Plone image objects are unaffected. Fixed in: https://github.com/zopefoundation/Zope/commit/85d2a5f1e6f46c40d32b832a4dca111074a9484b

Current status

Patched

Credits

Discovered by

  • Richard Mitchell, of the Plone Security Team

Fixed by

  • Matthew Wilkes, of the Zope Security Team

Coordinated by

  • Plone Security Team