Unrated severityNVD Advisory· Published Aug 17, 2012· Updated Apr 29, 2026

CVE-2012-1597

Description

Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

Ez/Ezjscore2 versions
cpe:2.3:a:ez:ezjscore:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ez:ezjscore:*:*:*:*:*:*:*:*range: <=1.4
- cpe:2.3:a:ez:ezjscore:1.0:*:*:*:*:*:*:*

Patches

58854564c7b8

https://github.com/ezsystems/ezjscorevia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/ezsystems/ezjscore/commit/58854564c7b8672090c25c4b1677d08620d870f2nvdExploitPatch
share.ez.no/community-project/security-advisories/ezsa-2012-006-xss-exploit-on-ezjscore-run-command-when-using-firefoxnvd
www.openwall.com/lists/oss-security/2012/05/11/6nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000