Описание
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-2671
- http://ez.no/de/content/download/321164/3192243/version/1/file/16396.diff
- http://ez.no/de/content/download/321443/3196351/version/1/file/combined_patch_42.diff
- http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search
- http://osvdb.org/63239
- http://secunia.com/advisories/39101
- http://www.securityfocus.com/bid/38985
- http://www.siberas.de/advisories/advisories_2010.html
Связанные уязвимости
nvd
больше 15 лет назад
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
debian
больше 15 лет назад
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ P ...