VULHUB ™

eZ publish is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. As a result, it is possible for a remote user to create a malicious link to a site hosting the vulnerable software which contains hostile HTML and script code. If the link is visited, the attacker-supplied script code and HTML may be interpreted by the user's web browser. This could allow for compromise of cookie-based credentials or other possible attacks. This issue was reported in eZ publish 2.2.7. Other versions may also be affected.

eZ publish is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. As a result, it is possible for a remote user to create a malicious link to a site hosting the vulnerable software which contains hostile HTML and script code. If the link is visited, the attacker-supplied script code and HTML may be interpreted by the user's web browser. This could allow for compromise of cookie-based credentials or other possible attacks. This issue was reported in eZ publish 2.2.7. Other versions may also be affected.