eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278
github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
nvd.nist.gov/vuln/detail/CVE-2017-1000431
web.archive.org/web/20210408035246/share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search