Vulnerabilities > EZ > EZ Publish > 3.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-02 | CVE-2017-1000431 | Cross-site Scripting vulnerability in EZ Publish eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. | 4.3 |
2009-07-02 | CVE-2008-6844 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | 7.5 |
2007-08-23 | CVE-2007-4494 | Unspecified vulnerability in EZ Publish The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | 5.0 |
2007-08-23 | CVE-2007-4493 | Unspecified vulnerability in eZ Publish No Policy Function eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module. | 10.0 |