Every CVE whose affected-product data names Ez Ez Publish, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2007-4493 — CVSS 10.0 (critical): eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has…
CVE-2005-4853 — CVSS 9.4 (critical): The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before…
CVE-2012-1565 — CVSS 7.5 (high): Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure…
CVE-2010-2672 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the…
CVE-2008-6844 — CVSS 7.5 (high): The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows…
CVE-2012-4053 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the…
CVE-2003-0310 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
CVE-2017-1000431 — CVSS 6.1 (medium): eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk…
CVE-2007-4494 — CVSS 5.0 (medium): The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote…
CVE-2005-4850 — CVSS 5.0 (medium): eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers…
CVE-2005-4852 — CVSS 5.0 (medium): The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI…
CVE-2005-4854 — CVSS 5.0 (medium): eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote…
CVE-2005-4856 — CVSS 5.0 (medium): The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle…
CVE-2006-0938 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2010-2671 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject…
CVE-2005-4857 — CVSS 4.0 (medium): eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a…
CVE-2006-7218 — CVSS 4.0 (medium): eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which…
CVE-2006-7219 — CVSS 4.0 (medium): eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users…
CVE-2005-4851 — CVSS 4.0 (medium): eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to…
CVE-2005-4855 — CVSS 3.5 (low): Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does…