Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist ezsystems/ezpublish-kernel Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ydmotN3E0Zi01cDQy
Cross-site scripting in eZ Platform Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01eDRmLTd4Z3EtcjQyeM1REw
Object state limitation has no effect
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00NG00LTljanAtajU4N80kcg
IBX-1392: Image filenames sanitization
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14ZnFnLXA0OGctaGg5NM4AArUB
Login timing attack in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcmYtOTlndy12dndq
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05OXIzLXhtbXEtN3E3Z84AAv0h
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS1xcTJqLTlwZjgtZzU4Y84AAyDw
Company admin role gives excessive privileges in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1oNXYyLXdyaHAtNXYzNc4AAyDv
Access control issue in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04OXAzLTlqOGMtZnFoNM4AAyDu
User account enumeration in eZ Publish Ibexa Kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jNzM3LWpod3ItZnF4as4AAyDx
Cross Site Scripting in eZ Platform Ibexa Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: 3 months ago
Filter by Severity
Moderate 5,124 High 4,541 Critical 2,093 Low 670
Filter by Ecosystem
maven 3,856 npm 3,123 pypi 2,600 packagist 1,686 go 1,225 nuget 939 rubygems 706 cargo 636 hex 21 actions 10 pub 5
Filter by Package
pimcore/pimcore 98 microweber/microweber 75 thorsten/phpmyfaq 53 moodle/moodle 53 shopware/platform 41 typo3/cms-core 39 showdoc/showdoc 36 shopware/core 32 librenms/librenms 31 snipe/snipe-it 29 concrete5/concrete5 27 craftcms/cms 24 dolibarr/dolibarr 22 remdex/livehelperchat 22 typo3/cms 19 froxlor/froxlor 19 mautic/core 18 shopware/shopware 18 silverstripe/framework 18 baserproject/basercms 17 cakephp/cakephp 17 pocketmine/pocketmine-mp 16 yetiforce/yetiforce-crm 16 drupal/core 16 grumpydictator/firefly-iii 15 francoisjacquet/rosariosis 15 symfony/symfony 14 tribalsystems/zenario 13 ezsystems/ezpublish-kernel 12 phpmailer/phpmailer 12 getkirby/cms 12 openmage/magento-lts 12 forkcms/forkcms 12 getgrav/grav 12 feehi/feehicms 11 intelliants/subrion 11 nilsteampassnet/teampass 11 prestashop/prestashop 10 contao/core-bundle 10 october/system 10 centreon/centreon 9 concrete5/core 9 kevinpapst/kimai2 9 ssddanbrown/bookstack 8 ezsystems/ezplatform-kernel 8 funadmin/funadmin 8 topthink/framework 8 alextselegidis/easyappointments 8 codeigniter4/framework 8 sylius/sylius 8 wwbn/avideo 8 elefant/cms 8 facturascripts/facturascripts 8 impresscms/impresscms 8 october/backend 7 october/cms 7 feehi/cms 7 magento/community-edition 7 laravel/framework 7 smarty/smarty 7 wallabag/wallabag 7 backdrop/backdrop 6 dompdf/dompdf 6 simplesamlphp/simplesamlphp 6 guzzlehttp/guzzle 6 phpmyadmin/phpmyadmin 6 pterodactyl/panel 6 flarum/core 5 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 sulu/sulu 5 symfony/http-foundation 5 lavalite/cms 5 yourls/yourls 5 bottelet/flarepoint 5 symfony/security-http 5 pimcore/customer-management-framework-bundle 4 pear/archive_tar 4 directmailteam/direct-mail 4 cockpit-hq/cockpit 4 bolt/bolt 4 ezsystems/ezplatform-admin-ui 4 in2code/femanager 4 nukeviet/nukeviet 4 pagekit/pagekit 4 enshrined/svg-sanitize 4 cachethq/cachet 4 notrinos/notrinos-erp 4 idno/known 4 symfony/http-kernel 4 tinymce 4 TinyMCE 4 tinymce/tinymce 4 bytefury/crater 4 phpoffice/phpspreadsheet 3 typo3/cms-form 3 elgg/elgg 3 spatie/browsershot 3 silverstripe/admin 3 prestashop/productcomments 3 illuminate/database 3 uvdesk/community-skeleton 3 sylius/resource-bundle 3 nystudio107/craft-seomatic 3 ibexa/core 3 silverstripe/assets 3 composer/composer 3 twig/twig 3 icecoder/icecoder 3 symfony/security 3 rudloff/alltube 3 shopware/storefront 3 oro/platform 3 silverstripe/graphql 3 facade/ignition 3 limesurvey/limesurvey 3 gilacms/gila 3 symfony/security-bundle 2 shopxo/shopxo 2 getkirby/panel 2 wintercms/winter 2 protobuf 2 github.com/protocolbuffers/protobuf 2 Google.Protobuf 2 com.google.protobuf:protobuf-parent 2 google/protobuf 2 codeigniter4/shield 2 typo3/html-sanitizer 2 badaso/core 2 ether/logs 2 opencart/opencart 2 silverstripe/cms 2 dweeves/magmi 2 appwrite/server-ce 2 ibexa/admin-ui 2 studio-42/elfinder 2 laravel/laravel 2 yoast-seo-for-typo3/yoast_seo 2 exceedone/exment 2 billz/raspap-webgui 2 exceedone/laravel-admin 2 miniorange/miniorange-saml 2 october/october 2 buddypress/buddypress 2 yiisoft/yii2-dev 2 topthink/think 2 ezsystems/ezplatform-rest 2 verot/class.upload.php 2 neos/neos 2 s-cart/s-cart 2 azuracast/azuracast 2 bolt/core 2 erusev/parsedown 2 anchorcms/anchor-cms 2 guzzlehttp/psr7 2 croogo/croogo 2 squizlabs/php_codesniffer 2 ptrofimov/beanstalk_console 2 symfony/framework-bundle 2 modx/revolution 2 latte/latte 2 drupal/drupal 2 oro/commerce 2 processwire/processwire 2 noumo/easyii 2 typo3/cms-backend 2 phpfastcache/phpfastcache 2 october/rain 2 symfony/cache 2 react/http 2 privatebin/privatebin 2 unisharp/laravel-filemanager 2 league/commonmark 2 pixelfed/pixelfed 2 aheinze/cockpit 2 api-platform/core 2 typo3fluid/fluid 2 laminas/laminas-diactoros 2 admidio/admidio 2 packbackbooks/lti-1-3-php-library 2 cuyz/valinor 2 phpseclib/phpseclib 2 yiisoft/yii2-gii 2 codiad/codiad 2 helloxz/imgurl 2 filegator/filegator 2 harvesthq/chosen 1 livehelperchat/livehelperchat 1 contao/managed-edition 1 sitegeist/fluid-components 1 vova07/yii2-fileapi-widget 1 vanilla/safecurl 1 pimcore/perspective-editor 1 xataface/xataface 1 joomla/archive 1 litespeed.js 1 pear/crypt_gpg 1 laravel/fortify 1 sabberworm/php-css-parser 1 web-auth/webauthn-framework 1 personnummer/personnummer 1 ectouch/ectouch 1 php-mod/curl 1 simplesamlphp/simplesamlphp-module-openid 1 userfrosting/userfrosting 1 neorazorx/facturascripts 1 phpmussel/phpmussel 1 Sylius/Sylius 1 sylius/grid-bundle 1 laminas/laminas-form 1 spipu/html2pdf 1 fof/upload 1 matyhtf/framework 1 yiisoft/yii 1 melisplatform/melis-front 1 melisplatform/melis-cms 1 bmarshall511/wordpress_zero_spam 1 statamic/cms 1 yeswiki/yeswiki 1 ibexa/post-install 1 jsdecena/laracom 1 ezsystems/ezpublish-legacy 1 pimcore/data-hub 1 fenom/fenom 1 librenms/librenms/ 1 prestashop/gamification 1 bootstrap-3-typeahead 1 bassjobsen/bootstrap-3-typeahead 1 wpanel/wpanel4-cms 1 webcoast/deferred-image-processing 1 ecodev/newsletter 1 silverstripe/subsites 1 zoujingli/thinkadmin 1 area17/twill 1 genix/cms 1 ibexa/user 1 robrichards/xmlseclibs 1 django-tinymce 1 luyadev/yii-helpers 1 ttskch/pagination-service-provider 1 prestashop/autoupgrade 1 james-heinrich/getid3 1 s-cart/core 1 wp-graphql/wp-graphql 1 hillelcoren/invoice-ninja 1 netgen/tagsbundle 1 gaoming13/wechat-php-sdk 1 innologi/typo3-appointments 1 zendframework/zend-feed 1 silverstripe/versioned-admin 1 DotNetCasClient 1 fixpunkt/fp-newsletter 1 jasig/phpcas 1 fixpunkt/fp-masterquiz 1 org.jasig.cas:cas-client 1 mojo42/jirafeau 1 adodb/adodb-php 1 subrion/cms 1 phpunit/phpunit 1 arc/web 1 brotkrueml/schema 1 brotkrueml/typo3-matomo-integration 1 apereo/phpcas 1 topthink/thinkphp 1 sylius/paypal-plugin 1 krayin/laravel-crm 1 fluidtypo3/vhs 1 flarum/tags 1 symfony/security-guard 1 gos/web-socket-bundle 1 symfont/process 1 shopware/production 1 friendsoftypo3/mediace 1 usmanhalalit/pixie 1 cakephp/database 1 hyn/multi-tenant 1 liftkit/database 1 simplesamlphp/simplesamlphp-module-openidprovider 1 derhansen/fe_change_pwd 1 jackalope/jackalope-doctrine-dbal 1 symfony/mime 1 mittwald/typo3_forum 1 zendframework/zend-http 1 zendframework/zend-diactoros 1 mediawiki/matomo 1 kimai/kimai 1 kitodo/presentation 1 symfony/serializer 1 phpservermon/phpservermon 1 barrelstrength/sprout-base-email 1 contao/contao 1 barrelstrength/sprout-forms 1 doctrine/dbal 1 knplabs/knp-snappy 1 andreapollastri/cipi 1 in2code/lux 1 wp-cli/wp-cli 1 neoan3-apps/template 1 phpmyfaq/phpmyfaq 1 woocommerce/woocommerce 1