ezsystems/ezpublish-legacy

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ezsystems/ezpublish-legacypage 1 of 1

CVE-2017-1000431MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.3.12.1
2018-01-02
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
CVE-2020-10806CRITICALCVSS 9.8EG 9.8✓ Fixed in 2019.03.4.2
2020-03-22
vulnerable: v2019.03.0 ... v2019.03.4 (7 versions)
eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP co…

Check whether ezsystems/ezpublish-legacy is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ezsystems/ezpublish-legacy CVEs against the assets you own.

Start Free Scan →