Ibexa Kernel and Kernel for eZ Platform can be abused to upload code that contains XSS vulnerabilities

Go back

severity: high
date: March 12, 2023
Affecting: ezplatform-kernel versions prior to and including 1.2.5 and between 1.3.0 and 1.3.1 inclusive
ezpublish-kernel versions prior to and including 6.13.8.1 and between 7.0.0 and 7.5.15.1 inclusive
CVE: CVE-2021-46875
CVE type: Improper Neutralization of Input During Web Page Generation
CVSS: 5.4
CVSS V3 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References: GHSA-mrvj-7q4f-5p42
fix commit