PT-2019-12654 · Ez Platform · Ezplatform-Admin-Ui+1
Published: 2019-05-16 · Updated: 2024-05-15 · CVE-2019-12139
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ezplatform-admin-ui versions 1.3.x through 1.3.4
ezplatform-admin-ui versions 1.4.x through 1.4.3
ezplatform-page-builder versions 1.1.x through 1.1.4
ezplatform-page-builder versions 1.2.x through 1.2.3
Description
A security issue was discovered in the Admin UI of eZ Platform, affecting versions 2.x. This issue allows for XSS injection, particularly in sites that allow user-generated content. The necessary update adds escaping of injected code, resolving the issue for both existing and future injected code.
Recommendations
For ezplatform-admin-ui versions 1.3.x through 1.3.4, update to version 1.3.5 or later using Composer.
For ezplatform-admin-ui versions 1.4.x through 1.4.3, update to version 1.4.4 or later using Composer.
For ezplatform-page-builder versions 1.1.x through 1.1.4, update to version 1.1.5 or later using Composer.
For ezplatform-page-builder versions 1.2.x through 1.2.3, update to version 1.2.4 or later using Composer.
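To find out whether a project is still on an affected release, the locked versions in composer.lock can be compared against the ranges above. The following Python check is an added example, not part of the advisory or of eZ Platform; the `ezsystems/` vendor prefix and the sample lock data are assumptions.

```python
import json

# Affected branches and first fixed versions, copied from the advisory.
# Assumption: the Composer vendor prefix "ezsystems/" (the advisory lists short names only).
FIXED = {
    "ezsystems/ezplatform-admin-ui": {(1, 3): (1, 3, 5), (1, 4): (1, 4, 4)},
    "ezsystems/ezplatform-page-builder": {(1, 1): (1, 1, 5), (1, 2): (1, 2, 4)},
}

def parse_version(text):
    """Map 'v1.3.4' to (1, 3, 4); return None for dev branches such as '1.3.x-dev'."""
    parts = text.lstrip("vV").split("-")[0].split("+")[0].split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:3]):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def find_affected(lock_text):
    """Return (name, locked_version, action) for each package needing attention."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name, locked = pkg.get("name", "").lower(), pkg.get("version", "")
        branches = FIXED.get(name)
        if branches is None:
            continue
        version = parse_version(locked)
        if version is None:
            findings.append((name, locked, "version not comparable, review manually"))
            continue
        fixed = branches.get(version[:2])
        if fixed is not None and version < fixed:
            target = ".".join(map(str, fixed))
            findings.append((name, locked, f"update to {target} or later"))
    return findings

# Constructed sample lock data, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "ezsystems/ezplatform-admin-ui", "version": "v1.3.4"},
    {"name": "ezsystems/ezplatform-page-builder", "version": "v1.2.4"},
    {"name": "symfony/symfony", "version": "v3.4.26"},
], "packages-dev": []})

if __name__ == "__main__":
    for finding in find_affected(SAMPLE_LOCK):
        print(*finding, sep="  ")
```

Pass the contents of the project's own composer.lock to `find_affected` in place of `SAMPLE_LOCK`; an empty result means no locked package falls inside the ranges listed in this advisory.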
Exploit
Fix
XSS
Affected Products
Ezplatform-Admin-Ui
Ezplatform-Page-Builder