If you come across a security issue in our products, here is how you can report it to us: https://doc.ez.no/Security
Security Advisories
EZSA-2019-005: Bundled jQuery affected by CVE-2019-11358
Friday 05 July 2019 10:22
EZSA-2019-004: CSRF token in login form is disabled by default
Thursday 27 June 2019 12:43
EZSA-2019-003: XSS in eZFind spellcheck
Thursday 23 May 2019 10:43
EZSA-2019-002: Password reset vulnerability
Tuesday 02 April 2019 02:34
EZSA-2019-001: XSS in Admin UI
Tuesday 12 March 2019 04:23
EZSA-2018-010: Symfony security advisories
Monday 10 December 2018 04:42
EZSA-2018-009: Do not interpret PHP/PHAR uploads
Wednesday 21 November 2018 01:11
EZSA-2018-008: REST API returns list of all SiteAccesses
Tuesday 20 November 2018 03:20
EZSA-2018-007: User data disclosure
Tuesday 20 November 2018 02:49
EZSA-2018-006: XSS vulnerability in 'disabled module' error template
Thursday 01 November 2018 11:21
EZSA-2018-005: Passwordless login for LDAP users
Wednesday 31 October 2018 01:31
EZSA-2018-004: Symfony security advisories
Thursday 31 May 2018 11:05
EZSA-2018-003: 4-byte UTF-8 in MySQL/MariaDB
Thursday 24 May 2018 04:14
EZSA-2018-002: The files uploaded via packages component are executable
Monday 26 February 2018 04:40
EZSA-2017-006: Information disclosure in backend content tree menu
Thursday 07 September 2017 01:48
EZSA-2017-005: XSS issue in search
Tuesday 22 August 2017 05:05
EZSA-2017-004: Embedded files downloadable though they are in trash
Tuesday 07 March 2017 02:32
EZSA-2017-003: XSS vulnerability in eZJSCore due to CVE-2013-6780
Tuesday 07 March 2017 02:19
EZSA-2017-002: Image upload and package creation vulnerabilities
Tuesday 07 March 2017 11:16
Proudly Developed with
from
from