eZ Publish Cross-site Scripting (XSS) vulnerability

2022-05-1403:49:37

Google

osv.dev

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.

References

share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search

github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278

github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml

nvd.nist.gov/vuln/detail/CVE-2017-1000431

web.archive.org/web/20210408035246/share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search