CVE-2017-1000431: XSS issue in search

January 2, 2018 (updated January 17, 2018)

There’s a Cross-Site Scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows javascript to be injected.

References

share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278

Detect and mitigate CVE-2017-1000431 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →