Low severity · NVD Advisory · Published Oct 4, 2023 · Updated Nov 27, 2024
Zope management interface vulnerable to stored cross site scripting via the title property
CVE-2023-44389
Description
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
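An added example, not code from Zope or from this advisory: a Python check that flags `dtml-var` tags which render a title value without `html_quote`, the attribute the fix commits listed under Patches add to `manage_tabs.dtml`. The function name `unquoted_title_vars`, the regular expressions and the list of title accessors are assumptions of this example; the sample templates are constructed from the line shown in the patch.

```python
import re

# One <dtml-var ...> tag; a double-quoted expression may itself contain '>'.
DTML_VAR = re.compile(r'<dtml-var\s+((?:"[^"]*"|[^">])*)>', re.IGNORECASE)
# Accessors assumed here to return user-editable text (hypothetical list).
TITLE_NAMES = re.compile(r'\btitle(?:_or_id|_and_id)?\b')


def unquoted_title_vars(template_text):
    """Return (line_number, tag) for every dtml-var tag that renders a
    title value and does not carry the html_quote attribute."""
    findings = []
    for match in DTML_VAR.finditer(template_text):
        body = match.group(1)
        if not TITLE_NAMES.search(body):
            continue
        # Drop quoted expressions so that only real tag attributes remain;
        # the text "html_quote" inside an expression string must not count.
        attributes = re.sub(r'"[^"]*"', ' ', body).lower().split()
        if 'html_quote' in attributes:
            continue
        line = template_text.count('\n', 0, match.start()) + 1
        findings.append((line, match.group(0)))
    return findings


# Constructed samples: the breadcrumb markup before and after the fix.
BEFORE = '''<nav aria-label="breadcrumb">
<ol class="breadcrumb <dtml-var "'zmi-' + title_or_id().replace(' ','')">"
    data-length="<dtml-var breadcrumb_length>">
'''
AFTER = '''<nav aria-label="breadcrumb">
<ol class="breadcrumb <dtml-var "'zmi-' + title_or_id().replace(' ','')" html_quote>"
    data-length="<dtml-var breadcrumb_length>">
'''

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, unquoted_title_vars(text))
```

Run over a project's own `.dtml` files, the same function lists other places where a title is emitted without `html_quote`; each finding still needs a manual look at the surrounding markup.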
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Zope (PyPI) | >= 4.0.0, < 4.8.11 | 4.8.11 |
| Zope (PyPI) | >= 5.0.0, < 5.8.6 | 5.8.6 |
Affected products
- Range: >= 4.0.0, < 4.8.11
Patches
21dfa78609ff · Merge pull request from GHSA-m755-gxxg-r5qh
1 file changed · +1 −1
src/App/dtml/manage_tabs.dtml+1 −1 modified@@ -42,7 +42,7 @@ <nav aria-label="breadcrumb"> <dtml-let breadcrumb_length="tabs_path_length(REQUEST)"> - <ol class="breadcrumb <dtml-var "'zmi-' + title_or_id().replace(' ','')">" + <ol class="breadcrumb <dtml-var "'zmi-' + title_or_id().replace(' ','')" html_quote>" data-length="<dtml-var breadcrumb_length>"> <li class="breadcrumb-item meta_type"> <dtml-if meta_type>
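Review bot: `replace(' ','')` on the changed `<ol class="breadcrumb ...">` line strips only literal spaces, so with `html_quote` the value can no longer close the attribute, but a title containing a tab or newline still splits into extra class tokens. Consider reducing the value to a fixed character set (letters, digits, `-`, `_`) before emitting it as a class name, or building the class from the object id rather than from `title_or_id()`.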
aeaf2cdc80df · Merge pull request from GHSA-m755-gxxg-r5qh
1 file changed · +1 −1
src/App/dtml/manage_tabs.dtml+1 −1 modified@@ -42,7 +42,7 @@ <nav aria-label="breadcrumb"> <dtml-let breadcrumb_length="tabs_path_length(REQUEST)"> - <ol class="breadcrumb <dtml-var "'zmi-' + title_or_id().replace(' ','')">" + <ol class="breadcrumb <dtml-var "'zmi-' + title_or_id().replace(' ','')" html_quote>" data-length="<dtml-var breadcrumb_length>"> <li class="breadcrumb-item meta_type"> <dtml-if meta_type>
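Review bot: no test accompanies the one-line change to `src/App/dtml/manage_tabs.dtml` (1 file changed, +1 −1), so nothing stops a later edit from dropping `html_quote` on the breadcrumb `<ol>` again. Add a regression test that renders `manage_tabs` for an object whose title contains `"`, `<` and `>` and asserts that these characters appear only in escaped form inside the `class` attribute.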
References
- github.com/advisories/GHSA-m755-gxxg-r5qh (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-44389 (ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2023-193.yaml (WEB)
- github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a (WEB)
- github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d (WEB)
- github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh (WEB)