VulnerableCode Package Details - pkg:composer/ezsystems/ezplatform-admin-ui@2.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3pp4-cq4u-1kdm Aliases: GHSA-99c7-c3mw-mxhv	ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and may in some cases be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless.	2.3.39 Affected by 0 other vulnerabilities.
VCID-jeay-1dqr-pygf Aliases: GHSA-pcpm-vc4v-cmvx	eZ Platform users with the Company admin role can assign any role to any user	2.3.26 Affected by 0 other vulnerabilities.
VCID-xxs5-b7eu-u3es Aliases: GHSA-58h5-h554-429q	ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)	2.3.26 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3pp4-cq4u-1kdm
Aliases:
GHSA-99c7-c3mw-mxhv

ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and may in some cases be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless.

2.3.39
Affected by 0 other vulnerabilities.

VCID-jeay-1dqr-pygf
Aliases:
GHSA-pcpm-vc4v-cmvx

eZ Platform users with the Company admin role can assign any role to any user

2.3.26
Affected by 0 other vulnerabilities.

VCID-xxs5-b7eu-u3es
Aliases:
GHSA-58h5-h554-429q

ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)

2.3.26
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T01:05:39.453613+00:00	GHSA Importer	Affected by	VCID-3pp4-cq4u-1kdm	https://github.com/advisories/GHSA-99c7-c3mw-mxhv	38.6.0
2026-05-31T01:01:15.714232+00:00	GHSA Importer	Affected by	VCID-jeay-1dqr-pygf	https://github.com/advisories/GHSA-pcpm-vc4v-cmvx	38.6.0
2026-05-31T01:01:15.444970+00:00	GHSA Importer	Affected by	VCID-xxs5-b7eu-u3es	https://github.com/advisories/GHSA-58h5-h554-429q	38.6.0
2026-05-30T21:04:28.249479+00:00	GitLab Importer	Affected by	VCID-3pp4-cq4u-1kdm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ezsystems/ezplatform-admin-ui/GHSA-99c7-c3mw-mxhv.yml	38.6.0