PT-2018-5205 · Ez Systems · Ez Publish
Published 2018-01-02 · Updated 2022-05-14 · CVE-2017-1000431
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
eZ Publish versions 5.3.12 and older, 5.4.0 through 5.4.9
Description
A cross-site scripting (XSS) issue in the search module allows attackers to inject scripts that may steal authentication credentials.
Recommendations
For versions 5.3.12 and older, consider disabling the search module until a patch is available.
For versions 5.4.0 through 5.4.9, restrict access to the search module to minimize the risk of exploitation.
XSS
Affected Products
Ez Publish