header-logo
Suggest Exploit
vendor:
eZ Publish
by:
5.5
CVSS
MEDIUM
Cross Site Scripting
79
CWE
Product Name: eZ Publish
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross Site Scripting Vulnerabilities in eZ Publish

Several cross site scripting vulnerabilities have been reported for eZ Publish. These vulnerabilities are due to insufficient sanitization of user-supplied data submitted to eZ Publish. Exploitation may allow theft of cookie-based authentication credentials or other attacks.

Mitigation:

The vendor has released patches to address the vulnerabilities. It is recommended to update to the latest version of eZ Publish.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7348/info

Several cross site scripting vulnerabilities have been reported for eZ Publish. These vulnerabilities are due to insufficient sanitization of user-supplied data submitted to eZ Publish.

Exploitation may allow theft of cookie-based authentication credentials or other attacks. 

http://[target]/index.php/content/search/?SectionID=3&SearchText=[hostile_code]
http://[target]/index.php/[any_section]/">[hostile_code]<
http://[target]/index.php/"><script>[hostile_code]<

Navigation

Suggest Exploit

Services By CQR