CVE-2017-1000431Cross-site Scripting in Publish

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 47.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ezsystems Ezpublish-legacyEZ Publish
Timeline
PublishedJan 2
Latest updateMay 14

Description

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

Packagistezsystems/ezpublish-legacy5.4.05.4.10+1
NVDez/ez_publish5.4.05.4.9+1

Patches

Patch: share.ez.noPatch: share.ez.no

🔴Vulnerability Details

2
GHSA
eZ Publish Cross-site Scripting (XSS) vulnerability2022-05-14
OSV
eZ Publish Cross-site Scripting (XSS) vulnerability2022-05-14