Information disclosure
This Security Advisory covers an issue with content fetching, which may allow a remote exploit, depending on eZ JS Core function access policy settings. In the worst case, which is also the default...
View ArticleInformation disclosure issue in ezoe extension
This Security Advisory fixes an issue related to browsing for content objects, tagging, reading and editing in the eZ OE extension which is used by almost all eZ Publish installations. It may be...
View ArticleInformation disclosure
This Security Advisory enhances a kernel function related to the changing of priority (a sort order criteria) in node lists in eZ Publish. It will provide another line of defense if the module calling...
View ArticleContent removal access check issue in ezstyleeditor extension
This Security Advisory covers an issue related to image removal in the eZ Style Editor extension. An attacker may be able to delete any object, by knowing or guessing its node ID. This vulnerability...
View ArticleBlock handling access check issue in ezflow extension
This Security Advisory covers an issue related to block items in the eZ Flow extension. An attacker may be able to read protected content, and change the order of blocks, without having the right...
View ArticleXSS exploit on eZJSCore RUN command when using Firefox
This update fixes a security issue related to cross site scripting (XSS) in eZ JS Core. When the ezjscore module is activated and the ezjscnode service is accessible, an attacker can create a...
View ArticleCross site scripting (XSS) issue in the ezstarrating extension
This update fixes a security issue related to cross site scripting (XSS) in the ezstarrating extension.If id of attribute provided to ezsrServerFunctions::rate() contained a script and the other...
View ArticleCross site scripting (XSS) issue in the ezoption datatype
This update fixes a security issue related to cross site scripting (XSS) in the ezoption datatype.ezoption datatype was missing wash() operators on output, so if your site uses this datatype then you...
View ArticleezpSessionHandlerPHP based sites don't expire active user sessions upon...
When using native php based sessions, eZ Publish is not able to logout an active user.The change involves caching is_enabled info in user cache, and properly purge user cache when disabling a user....
View ArticleeZOE flash player CSRF security issues
TinyMCE media plugin includes a flash player that in pervious versions of eZ Publish (ezoe) where vulnerable to CSRF attacks.As the media plugin (and hence the .swf file) is not used by eZ Online...
View ArticleeZ Publish user login cross site scripting (XSS) vulnerability
This Security Update fixes a cross site scripting (XSS) vulnerability where an attacker could insert JavaScript commands into the login field (username) of their user account, when registering as a new...
View ArticleLDAP user and group strings are not escaped
This update fixes a security issue related to lack of escaping of ldap user and user group names.Patch:https://github.com/ezsystems/ezpublish/commit/163cfd745A Security Update with the reference...
View ArticleXSS exploits caused by versionview
This security update fixes a cross site scripting (XSS) vulnerability in the content/versionview module. It adds escaping/conversion to input parameters, so that an attacker cannot insert scripting...
View ArticleXSS attack possible in content/browse
This Security Update fixes a cross site scripting (XSS) vulnerability where an attacker could insert JavaScript commands into the ViewMode parameter of the Browse view. The update ensures that such...
View ArticleWebsite spoofing attack possible on user/login (and other urls as well)
This Security Update fixes a spoofing/phishing vulnerability where an attacker, using a cloned web site, could get users to login to your web site and then be redirected back to the the clone site,...
View ArticleXss vulnerability on user/login
This Security Update fixes a cross site scripting (XSS) vulnerability where an attacker could insert JavaScript commands into POST parameters of the login template. The update ensures that such...
View Article404 errors may lead to DDOS attacks
This Security Update fixes a vulnerability where URLs that lead to a HTTP 404 error is uniquely cached, causing a new cache file to be generated for each such error. This behavior can in theory be...
View ArticleXSS attack possible in content treemenu (object names not sanitized)
This Security Update fixes a cross site scripting (XSS) vulnerability where folder names and user group names where not properly protected against XSS injections in the left menu of the administration...
View ArticleXSS issues in admin design
This Security Update fixes a cross site scripting (XSS) vulnerability where the root node name and content class names were not properly protected against XSS injection (the inserting of HTML code...
View ArticleObject that should not be visible appears in object relation(s)
This Security Update fixes a problem with object relation visibility. Related objects could be displayed even when the user did not have read access to them. After this update, the default templates...
View ArticleSymfony's Request::getHost() vulnerable to host head attack
In Request::getHost(), if the underlying web server is not correctly configured to deny requests that come from untrusted domain names, the absolute URL generation would be vulnerable to HOST http...
View Article