Squiz: >> Matrix >> 5.3.4.0 Security Vulnerabilities
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-11-30
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-30
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.
CVSS Score
8.8
EPSS Score
0.015
Published
2017-11-30