eZ.Publish.ezjscore.Module.XSS
Description
This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in eZ publish.
The issue is caused by insufficient sanitization of the parameter passed to "/ezjscore/call". It may allow remote attackers to execute arbitrary script by sending a crafted HTTP request to the vulnerable application.
Affected Products
eZ publish 4.6
eZ publish 4.5
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.
Recommended Actions
We are currently unaware of any vendor-supplied patch for this issue.
Coverage
IPS (Regular DB)
IPS (Extended DB)