Attacker Value
Unknown

CVE-2022-48367

Disclosure Date: March 12, 2023 (last updated October 08, 2023)
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
Attacker Value
Unknown

CVE-2022-48366

Disclosure Date: March 12, 2023 (last updated October 08, 2023)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Attacker Value
Unknown

CVE-2022-48365

Disclosure Date: March 12, 2023 (last updated October 08, 2023)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
Attacker Value
Unknown

CVE-2021-46876

Disclosure Date: March 12, 2023 (last updated October 08, 2023)
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
Attacker Value
Unknown

CVE-2021-46875

Disclosure Date: March 12, 2023 (last updated October 08, 2023)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
Attacker Value
Unknown

CVE-2022-25337

Disclosure Date: February 18, 2022 (last updated October 07, 2023)
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
Attacker Value
Unknown

CVE-2022-25336

Disclosure Date: February 18, 2022 (last updated October 07, 2023)
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.