Vulnerabilities > EZ > EZ Publish > 4.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-1000431 | Cross-site Scripting vulnerability in EZ Publish eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. | 4.3 |
| 2012-10-06 | CVE-2012-1565 | Security vulnerability in eZ Publish Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. | 7.5 |
| 2012-07-25 | CVE-2012-4053 | Cross-Site Request Forgery (CSRF) vulnerability in EZ Publish 4.1.0/4.2.0/4.3.0 Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2010-07-08 | CVE-2010-2672 | SQL Injection vulnerability in EZ Publish Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. | 7.5 |
| 2010-07-08 | CVE-2010-2671 | Cross-Site Scripting vulnerability in EZ Publish Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. | 4.3 |