Bug 1483634 (CVE-2009-5145) - CVE-2009-5145 zope: Cross-site scripting (XSS) in ZMI pages through manage_tabs_message()
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2009-5145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-08-21 14:17 UTC by Pedro Sampaio
Modified: 2019-09-29 14:19 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:21:46 UTC
Embargoed:



Description Pedro Sampaio 2017-08-21 14:17:50 UTC
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. 

Upstream patch:

https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d

References:

http://www.openwall.com/lists/oss-security/2015/03/02/7 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5145

