Lucene search
K

17 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1CVSS5.8AI score0.00017EPSS
Exploits0References3
OSV
OSV
added 2024/05/15 9:32 p.m.11 views

GHSA-9895-26WR-4FGV EZsystems Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution RCE, a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...

7.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/15 9:32 p.m.15 views

EZsystems Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution RCE, a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/15 9:30 p.m.7 views

GHSA-P9MP-VQ4V-V5M5 eZ Publish Legacy Passwordless login for LDAP users

This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may ...

7.1AI score
Exploits0References7
OSV
OSV
added 2024/05/15 9:29 p.m.11 views

GHSA-2VH3-CJ9J-MCJ5 eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template

This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy via the LegacyBridge. Installations where all modules are disabled may be vulnerable to XSS injection in the module name. This is a rare configuratio...

6.5AI score
Exploits0References5
OSV
OSV
added 2024/05/15 9:22 p.m.12 views

GHSA-82RV-45PC-V28W eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...

6.2AI score
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/05/15 9:22 p.m.17 views

eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...

6.2AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 9:6 p.m.21 views

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

his Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

6.2AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.5 views

PT-2024-40218 · Ez Systems +1 · Ez Publish Legacy +2

Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy affected versions not specified Description: The issue concerns a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, potentially leading to remote code execution RCE if an attacke...

8.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.4 views

PT-2024-40034 · Ez Systems · Ez Publish Legacy

Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy affected versions not specified Description: The issue concerns a vulnerability in eZ Publish Legacy that could lead to XSS injection in certain configurations, particularly when all modules are disabled. This vulnerability...

6.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.6 views

PT-2024-40352 · Ez Systems · Ez Publish Legacy +1

Name of the Vulnerable Software and Affected Versions: VideoJS versions prior to the version that fixes the XSS vulnerability eZ Publish Platform 5.4 eZ Publish Legacy 5.4 Description: The issue is related to an XSS vulnerability in the Flash-based video player of VideoJS, which is bundled in...

6.1AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/06/26 12:0 a.m.12 views

CVE-2020-23065

Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf...

7.1AI score0.00492EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/26 12:0 a.m.8 views

PT-2023-11639 · Ez Systems · Ez Publish Legacy +1

Name of the Vulnerable Software and Affected Versions: eZ Systems AS eZPublish Platform version 5.4 eZ Publish Legacy version 5.4 Description: The issue allows a remote authenticated attacker to execute arbitrary code via the video-js.swf, which is a Cross Site Scripting vulnerability. This enabl...

5.4CVSS5.7AI score0.00492EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.4 views

Ez Systems eZ Platform 跨站脚本漏洞

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A cross-site scripting vulnerability exists in Ez Systems eZ Platform version v.5.4, eZ Publish Legacy version v.5.4, which originates from a vulnerability that could allow an...

5.4CVSS6AI score0.00492EPSS
Exploits0References3
OSV
OSV
added 2021/09/07 10:54 p.m.5 views

GHSA-JPWX-FFJQ-WR4W Content object state fetch functions open to SQL injection

Impact This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible...

8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/09/07 10:54 p.m.32 views

Content object state fetch functions open to SQL injection

Impact This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible...

1.8AI score
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/03/23 12:0 a.m.4 views

eZ Publish Kernel and eZ Publish Legacy File Upload Vulnerability

eZ Systems eZ Platform is a content management system CMS based on the Symfony framework from eZ Systems Norway. eZ Publish Kernel is the kernel component of the eZ Platform. eZ Publish Legacy is a legacy version of the eZ Platform. A file upload vulnerability exists in eZ Publish Kernel and eZ...

9.8CVSS7.9AI score0.0232EPSS
Exploits0References1
Rows per page
Query Builder