GHSA-c737-jhwr-fqxj, CVE-2021-46875
packagist/ezsystems/ezpublish-kernel
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
All versions starting from 6.13.0 before 6.13.8.2, all versions starting from 7.5.0 before 7.5.15.2
Upgrade to versions 6.13.8.2, 7.5.15.2 or above.
2023-03-16
source |