This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit

eZ Community » Security Advisories » EZSA-2017-005: XSS issue in search

EZSA-2017-005: XSS issue in search

Publication date : 22/08/2017
Severity : High
Affected versions : 4.6 - 5.4, all community versions at time of writing (legacy only)
Resolving versions : 5.4.10,, and published service packs for all other supported versions

This security advisory is to fix a cross-site scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows javascript to be injected. We strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Publish (legacy):

Have you found a security bug in eZ Publish or eZ Platform? See how to report it responsibly here:

36 542 Users on board!

Community Project menu

Proudly Developed with from