eZ Systems
Products
5- 9 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-23065 | Med | 0.35 | 5.4 | 0.00 | Jun 26, 2023 | Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf. | ||
| CVE-2002-1818 | 0.04 | — | 0.07 | Dec 31, 2002 | ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter. | |||
| CVE-2012-4053 | 0.00 | — | 0.01 | Jul 25, 2012 | Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2010-2671 | 0.00 | — | 0.01 | Jul 8, 2010 | Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. | |||
| CVE-2007-4493 | 0.00 | — | 0.02 | Aug 23, 2007 | eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module. | |||
| CVE-2006-7219 | 0.00 | — | 0.01 | Jul 6, 2007 | eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this… | |||
| CVE-2005-4850 | 0.00 | — | 0.01 | Dec 31, 2005 | eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. | |||
| CVE-2005-4852 | 0.00 | — | 0.01 | Dec 31, 2005 | The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by… | |||
| CVE-2005-4856 | 0.00 | — | 0.01 | Dec 31, 2005 | The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via… | |||
| CVE-2005-4851 | 0.00 | — | 0.01 | Dec 31, 2005 | eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. |
- risk 0.35cvss 5.4epss 0.00
Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.
- CVE-2002-1818Dec 31, 2002risk 0.04cvss —epss 0.07
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter.
- CVE-2012-4053Jul 25, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2010-2671Jul 8, 2010risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
- CVE-2007-4493Aug 23, 2007risk 0.00cvss —epss 0.02
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
- CVE-2006-7219Jul 6, 2007risk 0.00cvss —epss 0.01
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this…
- CVE-2005-4850Dec 31, 2005risk 0.00cvss —epss 0.01
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.
- CVE-2005-4852Dec 31, 2005risk 0.00cvss —epss 0.01
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by…
- CVE-2005-4856Dec 31, 2005risk 0.00cvss —epss 0.01
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via…
- CVE-2005-4851Dec 31, 2005risk 0.00cvss —epss 0.01
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.