siberas GmbH is a consulting company specializing in security analyses and penetration tests, advising you on IT security competently and independently of any vendor.
EZ Publish "advancedsearch" XSS Vulnerability
Reference ID: SSA-1005
Affected versions: >= 3.7.0 and <= 4.2.0
The advancedsearch functionality of EZ Publish is prone to an XSS attack due to the lack of input filtering on the “subTreeItem” parameters. The subTreeItems are passed to the application as part of the “SubTreeArray” variable and get inserted into the advancedsearch.tpl template without further sanitization. Authentication is not required to exploit this vulnerability.
References:
EZ Publish advisory
Patch: 16396.diff