header-logo
Suggest Exploit
vendor:
eZ publish
by:
SecurityFocus
4.3
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: eZ publish
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

eZ publish Cross-Site Scripting Vulnerability

eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script, which may allow for theft of cookie-based authentication credentials and other attacks.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7616/info

A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script.

This may allow for theft of cookie-based authentication credentials and other attacks. 

http://www.example.com/index.php/article/articleview/<img%20src="javascript:alert(document.cookie)">

Navigation

Suggest Exploit

Services By CQR