Ez Publish@3.5.8 Security Vulnerabilities and Issues — Ez Publish@3.5.8 CVE List

Lucene search

EzEz Publish3.5.8

3 matches found

CVE•added 2009/07/02 10:30 a.m.•47 views

CVE-2008-6844

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and ot...

7.5CVSS7.2AI score0.02382EPSS

CVE•added 2006/03/01 2:2 a.m.•34 views

CVE-2006-0938

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

4.3CVSS5.7AI score0.00504EPSS

CVE•added 2007/07/06 7:0 p.m.•27 views

CVE-2005-4854

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

5CVSS5.8AI score0.0019EPSS