PT-2024-40034 · eZ Systems · eZ Publish Legacy
Published 2024-05-15 · Updated 2024-05-15
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
eZ Publish Legacy (affected versions not specified)
Description
The issue concerns a vulnerability in eZ Publish Legacy that could lead to XSS injection in certain configurations, particularly when all modules are disabled. This vulnerability affects installations using Legacy via the LegacyBridge. The estimated number of potentially affected devices worldwide is not available.
Recommendations
To resolve the issue, update to one of the resolving versions using Composer.
As a temporary workaround, consider disabling the LegacyBridge until a patch is available.
Restrict access to the module name input field to minimize the risk of XSS injection.
Apply the patch manually from the provided commit to add necessary input washing.
XSS
Affected Products
eZ Publish Legacy