eZ Community » Security Advisories » EZSA-2017-005: XSS issue in search

EZSA-2017-005: XSS issue in search

Publication date : 22/08/2017
Severity : High
Affected versions : 4.6 - 5.4, all community versions at time of writing (legacy only)
Resolving versions : 5.4.10, 5.3.12.1, and published service packs for all other supported versions

This security advisory is to fix a cross-site scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows javascript to be injected. We strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Publish (legacy): https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278

Have you found a security bug in eZ Publish or eZ Platform? See how to report it responsibly here: https://doc.ez.no/Security

36 542 Users on board!

Community Project menu

Proudly Developed with from