Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-07-06T19:00:00Z
Updated: 2024-09-17T03:23:06.497Z
Reserved: 2007-07-06T00:00:00Z
Link: CVE-2005-4855
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2005-12-31T05:00:00.000
Modified: 2018-09-27T21:38:16.747
Link: CVE-2005-4855
Redhat
No data.