PT-2024-40175 · Ez Systems · Ez Publish Legacy

Published 2024-05-15 · Updated 2024-05-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy (affected versions not specified)
Description: The advisory bundles several security fixes for eZ Publish Legacy: the pseudo-random bytes used by the "forgot password" feature are now generated with more randomness; the information collector feature is hardened; content object names are no longer leaked; and the Matrix data type is protected against cross-site scripting (XSS).
Recommendations: Install the security update as soon as possible, either by using Composer to update to one of the "Resolving versions" listed in the advisory or by applying the patches manually. Until the update is applied, the following temporary workarounds can reduce exposure: restrict access to the "forgot password" feature and to the information collector feature; restrict the Matrix data type to users who are allowed to edit content classes or content types; and keep the XML text editing feature away from users who should not have access to certain content objects. At the moment there is no information about a newer release that contains the fix, so applying the provided security update is the available mitigation.
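The first and last items in the Description above, shown as an added illustration. This is example code written for this page, not eZ Publish Legacy's own implementation; the function names, the in-memory `$store` array standing in for a database, and the one-hour lifetime are assumptions. It places a weak reset-token generator beside a CSPRNG-based one with hashed storage, expiry, single use and constant-time comparison, and shows the escaping a Matrix-style cell value needs before it is written into HTML.

```php
<?php
// Added example for this page, not eZ Publish Legacy code.
// $store, the function names and the 1h TTL are illustrative assumptions.

declare(strict_types=1);

// Weak pattern (do not use): mt_rand() is a Mersenne Twister with a small
// seed space and md5()/uniqid() add no entropy. Tokens built this way can be
// predicted by an attacker who can observe a few of them or guess the seed.
function weakResetToken(): string
{
    return md5(uniqid((string) mt_rand(), true));
}

// Hardened: 32 bytes from the OS CSPRNG. random_bytes() throws on failure
// instead of silently falling back to a weak source. Hex keeps it URL-safe.
function strongResetToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Persist only a hash of the token (hypothetical $store stands in for a DB),
// so a database leak does not hand out working reset links.
function storeResetToken(array &$store, int $userId, string $token, int $ttlSeconds = 3600): void
{
    $store[$userId] = [
        'hash'    => hash('sha256', $token),
        'expires' => time() + $ttlSeconds,
    ];
}

// Verify in constant time with hash_equals(), enforce expiry, and burn the
// token on first successful use so a leaked link cannot be replayed.
function verifyResetToken(array &$store, int $userId, string $presented): bool
{
    if (!isset($store[$userId])) {
        return false;
    }
    $record = $store[$userId];
    if (time() > $record['expires']) {
        unset($store[$userId]);
        return false;
    }
    $ok = hash_equals($record['hash'], hash('sha256', $presented));
    if ($ok) {
        unset($store[$userId]);
    }
    return $ok;
}

// XSS: a cell value from a matrix-like data type is attacker-controlled
// content. Escape it for the HTML body context at output time; never trust
// that validation on input already happened.
function escapeCellForHtml(string $cell): string
{
    return htmlspecialchars($cell, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Usage
$store = [];
$token = strongResetToken();
storeResetToken($store, 42, $token);
var_dump(verifyResetToken($store, 42, $token));      // first use
var_dump(verifyResetToken($store, 42, $token));      // replay of the same token
var_dump(verifyResetToken($store, 42, 'deadbeef'));  // wrong token
echo escapeCellForHtml('<img src=x onerror=alert(1)>'), PHP_EOL;
```

The weak generator is kept only for contrast; the point of the advisory item is that reset tokens must come from a cryptographically secure source, and the surrounding handling (hashed storage, expiry, single use, constant-time comparison) is what makes the extra randomness count.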

Related Identifiers

GHSA-82RV-45PC-V28W

Affected Products

Ez Publish Legacy