Description
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Yann MICHARD · textwebappsphp
https://www.exploit-db.com/exploits/37024
References (3)
Core 3
Core References
Exploit, Patch x_refsource_confirm
https://github.com/ezsystems/ezjscore/commit/58854564c7b8672090c25c4b1677d08620d870f2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/11/6
Various Sources x_refsource_confirm
http://share.ez.no/community-project/security-advisories/ezsa-2012-006-xss-exploit-on-ezjscore-run-command-when-using-firefox
Scores
EPSS
0.0254
EPSS Percentile
85.6%
Details
CWE
CWE-79
Status
published
Products (2)
ez/ezjscore
1.0
ez/ezjscore
< 1.4
Published
Aug 17, 2012
Tracked Since
Feb 18, 2026