Security Advisory SSA-1005
EZ Publish "advancedsearch" XSS Vulnerability
Reference ID: SSA-1005Publication date: 25.03.2010
Severity: medium
Discovered by: Sebastian Apelt
Affected versions: >= 3.7.0 and <= 4.2.0
The advancedsearch functionality of EZ Publish is prone to an XSS attack due to the lack of input filtering on the “subTreeItem” parameters. The subTreeItems are passed to the application as part of the “SubTreeArray” variable and get inserted into the advancedsearch.tpl template without further sanitization. Authentication is not required to exploit this vulnerability.
References:
EZ Publish advisory
Patch: 16396.diff