CVE-2005-4855

Published: Dec 31, 2005Modified: Apr 16, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

Affected (4)

Products: Ez: Ez Publish

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	From 3.5.0 to 3.5.5
Ez Ez Publish	From 3.6.0 to 3.6.2
Ez Ez Publish	Version 3.7.0 rc1
Ez Ez Publish	Version 3.8.0

Related CWEs

References (4)

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: cve@mitre.org

Vendor Advisory

http://issues.ez.no/5984

Source: cve@mitre.org

Vendor Advisory

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://issues.ez.no/5984

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.