CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1597

Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.027

EPSS Ranking 85.2%

CVSS Severity

CVSS v2 Score 2.6

References

http://share.ez.no/community-project/security-advisories/ezsa-2012-006-xss-exploit-on-ezjscore-run-command-when-using-firefox
http://www.openwall.com/lists/oss-security/2012/05/11/6
https://github.com/ezsystems/ezjscore/commit/58854564c7b8672090c25c4b1677d08620d870f2
http://share.ez.no/community-project/security-advisories/ezsa-2012-006-xss-exploit-on-ezjscore-run-command-when-using-firefox
http://www.openwall.com/lists/oss-security/2012/05/11/6
https://github.com/ezsystems/ezjscore/commit/58854564c7b8672090c25c4b1677d08620d870f2

Products affected by CVE-2012-1597

Ez » Ezjscore » Version: Any

cpe:2.3:a:ez:ezjscore:*
Ez » Ezjscore » Version: 1.0

cpe:2.3:a:ez:ezjscore:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1597

Products

Pricing

Contact Us