CVE-2021-46875 — Cross-site Scripting in EZ Platform Kernel

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 32.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ibexa EZ Platform Kernel Ezsystems Ezplatform-kernel Ezsystems Ezpublish-kernel

Timeline

Latest updateMar 19

PublishedMar 12

Description

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDibexa/ez_platform_kernel1.2.0 — 1.2.5.1+3

▶Packagistezsystems/ezplatform-kernel1.3.0 — 1.3.1.1+1

▶Packagistezsystems/ezpublish-kernel7.0.0 — 7.5.15.2+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Cross-site scripting in eZ Platform Kernel↗2021-03-19

▶

GHSA

Cross-site scripting in eZ Platform Kernel↗2021-03-19

▶