PT-2018-5205 · Ez Systems · Ez Publish

Published: 2018-01-02 · Updated: 2022-05-14 · CVE-2017-1000431

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: eZ Publish versions 5.3.12 and older, 5.4.0 through 5.4.9

Description: The issue is related to an XSS problem in the search module, allowing attackers to inject scripts that may steal authentication credentials.

Recommendations: For versions 5.3.12 and older, consider disabling the search module until a patch is available. For versions 5.4.0 through 5.4.9, restrict access to the search module to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-1000431
GHSA-M98Q-P5GQ-Q5FF

Affected Products

Ez Publish