Vulnerabilities > EZ > EZ Publish > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4852 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin. | 5.0 |
| 2005-12-31 | CVE-2005-4851 | Improper Authentication vulnerability in EZ Publish eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | 4.0 |
| 2005-12-31 | CVE-2005-4850 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. | 5.0 |
| 2003-06-16 | CVE-2003-0310 | Cross-Site Scripting vulnerability in EZ Publish 2.2 Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script. | 6.8 |