Cross site scripting

2006-03-0102:02:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

CPENameOperatorVersion
ez_publisheq3.6.3
ez_publisheq3.6.1
ez_publisheq3.5.8
ez_publisheq3.6.4
ez_publisheq3.7.1
ez_publisheq3.6.0
ez_publishle3.7.3
ez_publisheq3.4.8
ez_publisheq3.5.7
ez_publisheq3.5.5

Name	Operator	Version
ez_publish	eq	3.6.3
ez_publish	eq	3.6.1
ez_publish	eq	3.5.8
ez_publish	eq	3.6.4
ez_publish	eq	3.7.1
ez_publish	eq	3.6.0
ez_publish	le	3.7.3
ez_publish	eq	3.4.8
ez_publish	eq	3.5.7
ez_publish	eq	3.5.5

Rows per page:

1-10 of 161

References

securitytracker.com/id?1015683

www.nukedx.com/?viewdoc=16

www.securityfocus.com/archive/1/426076/100/0/threaded

www.securityfocus.com/bid/16817

exchange.xforce.ibmcloud.com/vulnerabilities/24956