Search for packages
| purl | pkg:composer/ezsystems/ezplatform-kernel@1.0.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-n9ba-bdr7-vkfg
Aliases: CVE-2021-46875 GHSA-mrvj-7q4f-5p42 GMS-2021-111 GMS-2021-47 |
Cross-site scripting in eZ Platform Kernel In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-r92d-urhv-fbed | eZ Platform Object Injection in SiteAccessMatchListener This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE), a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound siteaccess matchers. These have been fixed in ezsystems/ezplatform-kernel v1.0.3, and in ezsystems/ezpublish-kernel v7.5.8, v6.13.6.4, and v5.4.15. |
GHSA-2w9p-xxqr-h253
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:47:07.521779+00:00 | GitLab Importer | Affected by | VCID-n9ba-bdr7-vkfg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ezsystems/ezplatform-kernel/CVE-2021-46875.yml | 38.6.0 |
| 2026-06-04T16:51:20.547840+00:00 | GithubOSV Importer | Fixing | VCID-r92d-urhv-fbed | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2w9p-xxqr-h253/GHSA-2w9p-xxqr-h253.json | 38.6.0 |
| 2026-06-04T16:21:42.459141+00:00 | GitLab Importer | Fixing | VCID-r92d-urhv-fbed | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ezsystems/ezplatform-kernel/GHSA-2w9p-xxqr-h253.yml | 38.6.0 |