Lucene search

[email protected]CVE-2005-4855

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4855

2022-10-0316:22:46

CWE-264

[email protected]

web.nvd.nist.gov

cve

file upload

ez publish 3.5

ez publish 3.6

ez publish 3.7

ez publish 3.8

xss

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

Affected configurations

NVD

Node

ezez_publishRange3.5.0–3.5.5

ezez_publishRange3.6.0–3.6.2

ezez_publishMatch3.7.0rc1

ezez_publishMatch3.8.0

CPENameOperatorVersion
ez:ez_publishez ez publishlt3.5.5
ez:ez_publishez ez publishlt3.6.2
ez:ez_publishez ez publisheq3.7.0
ez:ez_publishez ez publisheq3.8.0

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	lt	3.5.5
ez:ez_publish	ez ez publish	lt	3.6.2
ez:ez_publish	ez ez publish	eq	3.7.0
ez:ez_publish	ez ez publish	eq	3.8.0

References

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

issues.ez.no/5984

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for CVE-2005-4855

cvelist1 nvd1 ubuntucve1