This Security Update fixes a cross-site scripting (XSS) vulnerability in the left menu of the administration backend: the root node name and content class names were not properly protected against XSS injection (the insertion of HTML code containing JavaScript). The update ensures that such injected code cannot be executed. We strongly recommend that you install this Security Update as soon as possible.
eZ Publish patch:
https://github.com/ezsystems/ezpublish-legacy/commit/9928aa21d338ac077ddf96ee22e4be4b6ffe7051
Related to EZSA-2013-010:
https://github.com/ezsystems/ezpublish-legacy/commit/b768d2f22bae527eaa659d16fba84c3e63507e5c
Followup fixes related to these patches:
https://github.com/ezsystems/ezpublish-legacy/commit/809d9cf55d417777831f6f19cfee510863f39c97
https://github.com/ezsystems/ezpublish-legacy/commit/1010cafa1a938472bf4f58c9cb2208aac1a9c828
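The class of bug described above, as an added example that is not eZ Publish code and is not taken from the linked commits: a menu renderer that concatenates a node name and class name into markup, next to a version that HTML-encodes both, plus a regression check that the rendered element structure does not change with the input. All function names, the markup shape and the sample values are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not the eZ Publish implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for use in HTML text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: names set by content editors are concatenated straight into markup,
// so any markup they contain becomes part of the admin page.
function renderMenuItemUnsafe(node) {
  return '<li><a title="' + node.className + '">' + node.name + '</a></li>';
}

// After: both values are encoded at the point of output.
function renderMenuItemSafe(node) {
  return '<li><a title="' + escapeHtml(node.className) + '">' +
         escapeHtml(node.name) + '</a></li>';
}

// Regression check helper: list the tags that actually appear in the output.
// A safe renderer yields the same skeleton whatever the names contain.
function tagSkeleton(html) {
  const tags = Array.from(html.matchAll(/<(\/?[a-zA-Z][\w-]*)/g),
                          (m) => m[1].toLowerCase());
  return tags.join(',');
}

// Constructed sample inputs (not taken from the advisory).
const BENIGN = { name: 'Home', className: 'Folder' };
const HOSTILE = { name: '<script>alert(1)</script>', className: '"><i>x</i>' };

function structureIsStable(render) {
  return tagSkeleton(render(HOSTILE)) === tagSkeleton(render(BENIGN));
}

console.log('unsafe renderer stable:', structureIsStable(renderMenuItemUnsafe));
console.log('safe renderer stable:  ', structureIsStable(renderMenuItemSafe));
console.log(renderMenuItemSafe(HOSTILE));
```

The skeleton comparison works as a unit test for any template or renderer that outputs editor-controlled names: feed it a name containing markup and fail the build if new elements appear.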