Yann Michard

**Name of the Vulnerable Software and Affected Versions** ez Publish versions 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 **Description** The issue is related to an insecure direct object reference, but the specific details about the impact and attack vectors are not provided. **Recommendations** For ez Publish versions 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** eZ Publish versions prior to 1.5 **Description** A cross-site scripting (XSS) issue exists due to a vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core. This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 1.5, update to version 1.5 or later to resolve the issue.