
XSS attack possible in content treemenu (object names not sanitized)

This Security Update fixes a cross-site scripting (XSS) vulnerability where folder names and user group names were not properly protected against XSS injections in the left menu of the administration backend. The update ensures that such injected code cannot be executed. We strongly recommend that you install this Security Update as soon as possible.
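The class of bug described above, shown as an added JavaScript example that is not eZ Publish code and not taken from the patches below: a tree-menu renderer that concatenates object names into markup, next to a version that encodes them for HTML text and attribute contexts. All function names, the `/node/` URL scheme and the sample data are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names throughout, not the project's code.

// The five characters that are significant in HTML text and in quoted
// attribute values, mapped to their entity encodings.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": the stored object name is placed into the markup unchanged,
// so any markup in a folder or user group name becomes part of the page.
function renderNodeUnsafe(node) {
  return '<li id="n' + node.id + '"><a href="/node/' + node.id +
    '" title="' + node.name + '">' + node.name + '</a></li>';
}

// "After": the id must be a non-negative integer and the name is encoded
// before it reaches either the attribute or the element text.
function renderNodeSafe(node) {
  if (!Number.isInteger(node.id) || node.id < 0) {
    throw new TypeError('node id must be a non-negative integer');
  }
  const name = escapeHtml(node.name);
  return `<li id="n${node.id}"><a href="/node/${node.id}" title="${name}">${name}</a></li>`;
}

function renderMenu(nodes, renderNode) {
  return '<ul>' + nodes.map(renderNode).join('') + '</ul>';
}

// Constructed sample data: an ordinary folder and a user group whose
// name contains markup.
const sampleNodes = [
  { id: 2, name: 'Home & News' },
  { id: 12, name: 'Editors"><script>alert(1)</script>' },
];

// True when the rendered menu still contains an unencoded script tag.
function containsRawScript(html) {
  return /<script\b/i.test(html);
}
```

Encoding at output time protects names that are already stored in the database, which input validation added later would not cover.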

Patches

eZ Publish: https://github.com/ezsystems/ezpublish-legacy/commit/b768d2f22bae527eaa659d16fba84c3e63507e5c

Related to EZSA-2013-011: https://github.com/ezsystems/ezpublish-legacy/commit/9928aa21d338ac077ddf96ee22e4be4b6ffe7051

Follow-up regression fixes related to these patches:
https://github.com/ezsystems/ezpublish-legacy/commit/809d9cf55d417777831f6f19cfee510863f39c97
https://github.com/ezsystems/ezpublish-legacy/commit/1010cafa1a938472bf4f58c9cb2208aac1a9c828
