This site has been archived. To learn more about our current products Ibexa Content, Ibexa Experience, Ibexa Commerce head over to the Ibexa Developer Portal

eZ Community » Security Advisories

Security Advisories

NB: These advisories are being moved to
For a while you will find them in both places, but eventually they will be removed from here.

If you come across a security issue in our products, here is how you can report it to us:

Security Advisories

EZSA-2017-005: XSS issue in search

Tuesday 22 August 2017 05:05

Severity : High

EZSA-2017-004: Embedded files downloadable though they are in trash

Tuesday 07 March 2017 02:32

Severity : Low

EZSA-2017-003: XSS vulnerability in eZJSCore due to CVE-2013-6780

Tuesday 07 March 2017 02:19

Severity : High

EZSA-2017-002: Image upload and package creation vulnerabilities

Tuesday 07 March 2017 11:16

Severity : High

EZSA-2017-001: SQL injection in legacy ezsearchengine (update)

Tuesday 07 March 2017 10:38

Severity : High

EZSA-2016-007: SQL injection in legacy ezsearchengine

Thursday 17 November 2016 10:35

Severity : High

EZSA-2016-006: ezjscore: add hard limit in ezjscnode::subtree

Tuesday 13 September 2016 02:55

Severity : Medium

EZSA-2016-005: SQL injection on content view after language parameters

Tuesday 13 September 2016 01:47

Severity : High

EZSA-2016-004: Session data migrated between users on logout

Tuesday 13 September 2016 01:22

Severity : High

EZSA-2016-003: Invalid view parameters generate undesired cache

Tuesday 13 September 2016 09:41

Severity : Medium

EZSA-2016-002: Disclosure of collected info from information collector

Thursday 28 July 2016 10:11

Severity : Medium

EZSA-2016-001: CVE-2016-5385 HTTP_PROXY environment variable

Wednesday 20 July 2016 01:49

Severity : Medium

EZSA-2015-002: CVE-2015-4050 ESI unauthorized access

Wednesday 27 May 2015 01:32

Severity : Medium

36 542 Users on board!

Community Project menu

Proudly Developed with from