Packagist (Composer) package
ezsystems/ezplatform-kernel
pkg:composer/ezsystems/ezplatform-kernel
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48366 | — | | | >= 1.3.0, < 1.3.19 | 1.3.19 | Mar 12, 2023 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. |
| CVE-2022-48365 | — | | | >= 1.3.0, < 1.3.26 | 1.3.26 | Mar 12, 2023 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. |
| CVE-2021-46875 | — | | | < 1.2.5.1 | 1.2.5.1 | Mar 12, 2023 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. |
| CVE-2022-25336 | — | | | >= 1.3.0, < 1.3.12 | 1.3.12 | Feb 18, 2022 | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. |