Medium severity6.1NVD Advisory· Published Jan 2, 2018· Updated Jun 17, 2026
CVE-2017-1000431
CVE-2017-1000431
Description
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezsystems/ezpublish-legacyPackagist | >= 5.4.0, < 5.4.10 | 5.4.10 |
ezsystems/ezpublish-legacyPackagist | >= 5.3.0, < 5.3.12.1 | 5.3.12.1 |
Affected products
1Patches
Vulnerability mechanics
References
6- share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-searchnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-m98q-p5gq-q5ffghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1000431ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yamlghsaWEB
- github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278ghsaWEB
- web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-searchghsaWEB
News mentions
0No linked articles in our index yet.