EzPublish "Directory" XSS Vulnerability

20-7-2003

------------------------------------------------------ EzPublish "Directory" XSS Vulnerability ------------------------------------------------------ Any attacker may access other users/admin accounts. ------------------------------------------------------ About Ezpublish; ------------------------------------------------------ PHP Based Content Management System Vendor : http://ez.no Demo : http://publishdemo.ez.no/ ------------------------------------------------------ Vulnerable; ------------------------------------------------------ eZ publish 2.2 ------------------------------------------------------ Not Vulnerable; ------------------------------------------------------ eZ publish 3 ------------------------------------------------------ Solution; ------------------------------------------------------ File provided by vendor; http://www.securityfocus.com/archive/attachment/321714/2/ ------------------------------------------------------ Exploit; ------------------------------------------------------ http://[victim]/index.php/article/articleview/ ------------------------------------------------------ Published; ------------------------------------------------------ May 16 2003 3:22AM Ferruh Mavituna Web Application Security Specialist http://ferruh.mavituna.com

Recent Blog Posts

See all of the blog posts