CVSS2: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 32.1%

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6
before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not
restrict Image datatype uploads to image content types, which allows remote
authenticated users to upload certain types of files, as demonstrated by
.js files, which may enable cross-site scripting (XSS) attacks or other
attacks.