Ez Publish@4.2.0 Security Vulnerabilities and Issues — Ez Publish@4.2.0 CVE List

Lucene search

EzEz Publish4.2.0

4 matches found

CVE•added 2012/10/06 9:55 p.m.•48 views

CVE-2012-1565

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.

7.5CVSS6.6AI score0.01752EPSS

CVE•added 2010/07/08 10:30 p.m.•43 views

CVE-2010-2672

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

7.5CVSS8.8AI score0.00836EPSS

CVE•added 2012/07/25 7:55 p.m.•33 views

CVE-2012-4053

Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8CVSS7.3AI score0.00142EPSS

CVE•added 2010/07/08 10:30 p.m.•30 views

CVE-2010-2671

Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.

4.3CVSS5.9AI score0.00516EPSS