Ez: >> Ez Publish >> 3.8.9 Security Vulnerabilities
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-02
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
CVSS Score
7.5
EPSS Score
0.024
Published
2009-07-02