GHSA-c737-jhwr-fqxj, CVE-2021-46875
packagist/ezsystems/ezplatform-kernel
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
All versions starting from 1.2.0 before 1.2.5.1, all versions starting from 1.3.0 before 1.3.1.1
Upgrade to versions 1.2.5.1, 1.3.1.1 or above.
2023-03-16
source |