GitHub Advisory DatabaseGHSA-M98Q-P5GQ-Q5FFeZ Publish Cross-site Scripting (XSS) vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.3%
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ezsystems/ezpublish-legacy | lt | 5.3.12.1 | |
| ezsystems/ezpublish-legacy | lt | 5.4.10 |
References
share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
github.com/advisories/GHSA-m98q-p5gq-q5ff
github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278
github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
nvd.nist.gov/vuln/detail/CVE-2017-1000431
web.archive.org/web/20210408035246/share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.3%