Mezzanine CMS Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

CVE-2007-4493

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...