Ez: >> Ez Publish >> 3.8.1 Security Vulnerabilities
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-02
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
CVSS Score
10.0
EPSS Score
0.006
Published
2007-08-23
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
CVSS Score
5.0
EPSS Score
0.01
Published
2007-08-23
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.
CVSS Score
4.0
EPSS Score
0.001
Published
2007-07-06