Bug 1483634 (CVE-2009-5145) - CVE-2009-5145 zope: Cross-site scripting (XSS) in ZMI pages through manage_tabs_message()
Summary: CVE-2009-5145 zope: Cross-site scripting (XSS) in ZMI pages through manage_ta...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2009-5145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-21 14:17 UTC by Pedro Sampaio
Modified: 2019-09-29 14:19 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:21:46 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2017-08-21 14:17:50 UTC
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. 

Upstream patch:

https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d

References:

http://www.openwall.com/lists/oss-security/2015/03/02/7 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5145


Note You need to log in before you can comment on or make changes to this bug.