EZSA-2011-02: Cross site scripting (XSS) issue in the ezoption datatype

Publication date : 09/05/2012
Severity : Low
Affected versions : 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6 (enterprise version not affected)
Resolving versions : 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7

This update fixes a cross-site scripting (XSS) security issue in the ezoption datatype. The ezoption datatype was missing wash() operators on output, so if your site uses this datatype, you are at risk of allowing XSS attacks.
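Sites that override datatype templates in their own design can carry the same missing-wash problem. The script below is an added example, not code from eZ Publish or from the patch: it flags template output expressions that have no wash operator. The sample template and its variable names are constructed for illustration.

```python
import re

# Matches eZ Publish template output expressions such as {$item.value}
# or {$name|wash}. Control structures ({foreach ...}, {if ...}) are skipped
# because they do not start with "$".
OUTPUT_EXPR = re.compile(r"\{\s*(\$[^{}]+?)\s*\}")

# The wash operator with or without arguments: |wash, |wash(), |wash( xhtml )
WASH = re.compile(r"\|\s*wash\b")


def find_unwashed(template_text):
    """Return (line_number, expression) for each output expression
    that is printed without passing through the wash operator."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for match in OUTPUT_EXPR.finditer(line):
            expr = match.group(1)
            if not WASH.search(expr):
                findings.append((lineno, expr))
    return findings


# Constructed sample: a hypothetical override template for an ezoption
# attribute. Only the option value on line 4 is washed.
SAMPLE_TEMPLATE = """\
<h3>{$attribute.content.name}</h3>
<select name="opt_{$attribute.id}">
{foreach $attribute.content.option_list as $option}
  <option value="{$option.id}">{$option.value|wash( xhtml )}</option>
{/foreach}
</select>
"""

if __name__ == "__main__":
    for lineno, expr in find_unwashed(SAMPLE_TEMPLATE):
        print(f"line {lineno}: {{{expr}}} has no wash operator")
```

The check is a heuristic for review, not a verdict: numeric ids it flags may be harmless, while any editor-supplied string it flags should be washed before output.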

Patch:

https://github.com/ezsystems/ezpublish/commit/2444b4a70f23d6873cd8dd70474cfe7a411cfd19

A Security Update with the reference EZPSA-2011-002 is available for eZ Publish Enterprise customers.
