17 matches found
PT-2026-45006
NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...
GHSA-9895-26WR-4FGV EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution RCE, a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...
EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution RCE, a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...
GHSA-P9MP-VQ4V-V5M5 eZ Publish Legacy Passwordless login for LDAP users
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may ...
GHSA-2VH3-CJ9J-MCJ5 eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy via the LegacyBridge. Installations where all modules are disabled may be vulnerable to XSS injection in the module name. This is a rare configuratio...
GHSA-82RV-45PC-V28W eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
his Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...
PT-2024-40218 · Ez Systems +1 · Ez Publish Legacy +2
Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy affected versions not specified Description: The issue concerns a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, potentially leading to remote code execution RCE if an attacke...
PT-2024-40034 · Ez Systems · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy affected versions not specified Description: The issue concerns a vulnerability in eZ Publish Legacy that could lead to XSS injection in certain configurations, particularly when all modules are disabled. This vulnerability...
PT-2024-40352 · Ez Systems · Ez Publish Legacy +1
Name of the Vulnerable Software and Affected Versions: VideoJS versions prior to the version that fixes the XSS vulnerability eZ Publish Platform 5.4 eZ Publish Legacy 5.4 Description: The issue is related to an XSS vulnerability in the Flash-based video player of VideoJS, which is bundled in...
CVE-2020-23065
Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf...
PT-2023-11639 · Ez Systems · Ez Publish Legacy +1
Name of the Vulnerable Software and Affected Versions: eZ Systems AS eZPublish Platform version 5.4 eZ Publish Legacy version 5.4 Description: The issue allows a remote authenticated attacker to execute arbitrary code via the video-js.swf, which is a Cross Site Scripting vulnerability. This enabl...
Ez Systems eZ Platform 跨站脚本漏洞
Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A cross-site scripting vulnerability exists in Ez Systems eZ Platform version v.5.4, eZ Publish Legacy version v.5.4, which originates from a vulnerability that could allow an...
GHSA-JPWX-FFJQ-WR4W Content object state fetch functions open to SQL injection
Impact This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible...
Content object state fetch functions open to SQL injection
Impact This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible...
eZ Publish Kernel and eZ Publish Legacy File Upload Vulnerability
eZ Systems eZ Platform is a content management system CMS based on the Symfony framework from eZ Systems Norway. eZ Publish Kernel is the kernel component of the eZ Platform. eZ Publish Legacy is a legacy version of the eZ Platform. A file upload vulnerability exists in eZ Publish Kernel and eZ...