eZ Community » Security Advisories

Security Advisories

If you come across a security issue in our products, here is how you can report it to us: https://doc.ez.no/Security

Security Advisories

EZSA-2019-002: Password reset vulnerability

Tuesday 02 April 2019 02:34

Severity : High

EZSA-2019-001: XSS in Admin UI

Tuesday 12 March 2019 04:23

Severity : High

EZSA-2018-010: Symfony security advisories

Monday 10 December 2018 04:42

Severity : High

EZSA-2018-009: Do not interpret PHP/PHAR uploads

Wednesday 21 November 2018 01:11

Severity : High

EZSA-2018-008: REST API returns list of all SiteAccesses

Tuesday 20 November 2018 03:20

Severity : Medium

EZSA-2018-007: User data disclosure

Tuesday 20 November 2018 02:49

Severity : High

EZSA-2018-006: XSS vulnerability in 'disabled module' error template

Thursday 01 November 2018 11:21

Severity : Medium

EZSA-2018-005: Passwordless login for LDAP users

Wednesday 31 October 2018 01:31

Severity : High

EZSA-2018-004: Symfony security advisories

Thursday 31 May 2018 11:05

Severity : High

EZSA-2018-003: 4-byte UTF-8 in MySQL/MariaDB

Thursday 24 May 2018 04:14

Severity : High

EZSA-2018-002: The files uploaded via packages component are executable

Monday 26 February 2018 04:40

Severity : High

EZSA-2018-001: Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features

Monday 26 February 2018 03:52

Severity : High

EZSA-2017-006: Information disclosure in backend content tree menu

Thursday 07 September 2017 01:48

Severity : Medium

EZSA-2017-005: XSS issue in search

Tuesday 22 August 2017 05:05

Severity : High

EZSA-2017-004: Embedded files downloadable though they are in trash

Tuesday 07 March 2017 02:32

Severity : Low

EZSA-2017-003: XSS vulnerability in eZJSCore due to CVE-2013-6780

Tuesday 07 March 2017 02:19

Severity : High

EZSA-2017-002: Image upload and package creation vulnerabilities

Tuesday 07 March 2017 11:16

Severity : High

EZSA-2017-001: SQL injection in legacy ezsearchengine (update)

Tuesday 07 March 2017 10:38

Severity : High

EZSA-2016-007: SQL injection in legacy ezsearchengine

Thursday 17 November 2016 10:35

Severity : High

EZSA-2016-006: ezjscore: add hard limit in ezjscnode::subtree

Tuesday 13 September 2016 02:55

Severity : Medium

36 542 Users on board!

Community Project menu

Proudly Developed with from