Medium severity6.1NVD Advisory· Published Mar 12, 2023· Updated Jun 17, 2026
CVE-2021-46875
CVE-2021-46875
Description
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezsystems/ezpublish-kernelPackagist | < 6.13.8.2 | 6.13.8.2 |
ezsystems/ezpublish-kernelPackagist | >= 7.0.0, < 7.5.15.2 | 7.5.15.2 |
ezsystems/ezplatform-kernelPackagist | < 1.2.5.1 | 1.2.5.1 |
ezsystems/ezplatform-kernelPackagist | >= 1.3.0, < 1.3.1.1 | 1.3.1.1 |
Affected products
3- eZ Platform/Ibexa Kerneldescription
- ghsa-coords2 versions
< 1.2.5.1+ 1 more
- (no CPE)range: < 1.2.5.1
- (no CPE)range: < 6.13.8.2
Patches
Vulnerability mechanics
References
6- github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311bnvdPatchWEB
- github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42nvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-mrvj-7q4f-5p42ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-46875ghsaADVISORY
- packagist.org/packages/ezsystems/ezplatform-kernelghsaWEB
- packagist.org/packages/ezsystems/ezpublish-kernelghsaWEB
News mentions
0No linked articles in our index yet.