EZ Publish "advancedsearch" XSS Vulnerability

Reference ID: SSA-1005
Publication date: 25.03.2010
Severity: medium
Discovered by: Sebastian Apelt

Affected versions: >= 3.7.0 and <= 4.2.0

The advancedsearch functionality of EZ Publish is vulnerable to XSS because no input filtering is applied to the “subTreeItem” parameters. The subTreeItems are passed to the application as part of the “SubTreeArray” variable and are inserted into the advancedsearch.tpl template without further sanitization. Authentication is not required to exploit this vulnerability.
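The following is an added example, not code from EZ Publish or from this advisory, written to illustrate the defect class described above: an array-valued request parameter (here named SubTreeArray, as in the advisory) is rendered into markup. The function names, the hidden-input markup and the constructed request are assumptions for illustration. The unsafe renderer interpolates the raw values; the hardened renderer first validates that each item is a positive integer (subtree items are node identifiers) and then HTML-encodes on output, so the template never relies on the caller having filtered its input. In eZ Publish's own template language the output-encoding step corresponds to the wash template operator.

```php
<?php
// Added example (not eZ Publish code): why array-valued request parameters
// such as SubTreeArray need validation and output encoding before they reach
// an HTML template.

// Vulnerable pattern: raw parameter values are written straight into markup.
function renderSubtreeUnsafe(array $subTreeArray): string
{
    $items = '';
    foreach ($subTreeArray as $item) {
        $items .= '<input type="hidden" name="SubTreeArray[]" value="' . $item . "\">\n";
    }
    return $items;
}

// Hardened step 1: keep only values that are valid node ids (positive integers).
// Anything else is dropped rather than rendered.
function filterSubtreeItems(array $subTreeArray): array
{
    $clean = [];
    foreach ($subTreeArray as $item) {
        if (!is_string($item) && !is_int($item)) {
            continue; // nested arrays or objects are never a node id
        }
        $id = filter_var($item, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $clean[] = $id;
        }
    }
    return $clean;
}

// Hardened step 2: encode on output regardless of validation, so that a future
// change to the allowed value set cannot reintroduce markup injection.
function escapeHtml(string $value): string
{
    // ENT_QUOTES also encodes single quotes, which matters inside attribute values.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSubtreeSafe(array $subTreeArray): string
{
    $items = '';
    foreach (filterSubtreeItems($subTreeArray) as $id) {
        $items .= '<input type="hidden" name="SubTreeArray[]" value="' . escapeHtml((string) $id) . "\">\n";
    }
    return $items;
}

// Constructed request (assumption): one legitimate node id and one value that
// closes the attribute and contains a tag.
$request = ['SubTreeArray' => ['42', '"><b>not a node id</b>']];

echo "Unsafe rendering:\n" . renderSubtreeUnsafe($request['SubTreeArray']);
echo "Safe rendering:\n" . renderSubtreeSafe($request['SubTreeArray']);

// Output encoding alone, shown on the second item, for templates whose values
// are free text and cannot be restricted to integers.
echo "Encoded value:\n" . escapeHtml($request['SubTreeArray'][1]) . "\n";
```

Run it with the PHP CLI; the unsafe output breaks out of the value attribute, while the safe output contains only the node id and the encoded form shows the quote and angle brackets as entities. Validation and encoding are deliberately separate functions so that each can be unit-tested and so the encoding step is not skipped when a template is reused for non-numeric parameters.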

EZ Publish advisory
Patch: 16396.diff