Vulnerabilities > Ibexa > EZ Platform Kernel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-12 | CVE-2021-46875 | Cross-site Scripting vulnerability in Ibexa EZ Platform Kernel An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. | 6.1 |
| 2023-03-12 | CVE-2021-46876 | Unspecified vulnerability in Ibexa EZ Platform Kernel An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. | 5.3 |
| 2022-02-18 | CVE-2022-25336 | Authorization Bypass Through User-Controlled Key vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | 5.3 |