Vulnerabilities > EZ > EZ Publish > 3.8.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-02 | CVE-2017-1000431 | Cross-site Scripting vulnerability in EZ Publish eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. | 4.3 |
2007-08-23 | CVE-2007-4494 | Unspecified vulnerability in EZ Publish The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | 5.0 |
2007-08-23 | CVE-2007-4493 | Unspecified vulnerability in eZ Publish No Policy Function eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module. | 10.0 |
2007-07-06 | CVE-2006-7219 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft. | 4.0 |