CVE-2023-42458

Secure your products with top-tier expert knowledge and advanced Penetration Testing (CREST Approved)

Let's collaborate to build and maintain secure, trustworthy products

We transform threats into trust by integrating advanced tech and expertise in product security. Our approach encompasses Security by Design, rigorous security assurance and penetration testing, and compliance through expert documentation, from design to post-market. We offer CREST-approved pen testing in EMEA, upholding top security standards.

CREST Approved in EMEA

 Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the “Add Documents, Images, and Files” permission is only assigned to trusted roles. By default, only the Manager has this permission. (CVSS:5.4) (Last Update:2023-09-25 16:05:03)     Latest security vulnerabilities (Cross Site Scripting (XSS)) (CVSS score >= 4) 

More To Explore