Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ezsystems/ezplatform-kernel@1.3.0
Typecomposer
Namespaceezsystems
Nameezplatform-kernel
Version1.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.3.1+1
Latest_non_vulnerable_version7.5.26
Affected_by_vulnerabilities
0
url VCID-1515-rc8b-zbbm
vulnerability_id VCID-1515-rc8b-zbbm
summary An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48365
reference_id
reference_type
scores
0
value 0.00693
scoring_system epss
scoring_elements 0.72346
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48365
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48365
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-48365
3
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
reference_id 957e67a08af2b3265753f9763943e8225ed779ab
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
4
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
reference_id GHSA-8h83-chh2-fchp
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
5
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
reference_id GHSA-99r3-xmmq-7q7g
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
6
reference_url https://github.com/advisories/GHSA-qq2j-9pf8-g58c
reference_id GHSA-qq2j-9pf8-g58c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qq2j-9pf8-g58c
7
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
reference_id ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.26
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7sz7-dqqq-yfdd
1
vulnerability VCID-tsqp-6yut-77b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.26
aliases CVE-2022-48365, GHSA-qq2j-9pf8-g58c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1515-rc8b-zbbm
1
url VCID-3gup-ykex-ruch
vulnerability_id VCID-3gup-ykex-ruch
summary eZ Platform users with the Company admin role can assign any role to any user
references
0
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
1
reference_url https://github.com/ezsystems/ezplatform-kernel/commit/2a7479958584a15ee046dfa886d6bfeb4ebfa2f6
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/commit/2a7479958584a15ee046dfa886d6bfeb4ebfa2f6
2
reference_url https://github.com/advisories/GHSA-8h83-chh2-fchp
reference_id GHSA-8h83-chh2-fchp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h83-chh2-fchp
3
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
reference_id GHSA-8h83-chh2-fchp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.26
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7sz7-dqqq-yfdd
1
vulnerability VCID-tsqp-6yut-77b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.26
aliases GHSA-8h83-chh2-fchp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gup-ykex-ruch
2
url VCID-5buq-dxsm-t3b9
vulnerability_id VCID-5buq-dxsm-t3b9
summary Object state limitation has no effect
references
0
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
1
reference_url https://github.com/advisories/GHSA-w8qp-hmh5-4v9v
reference_id GHSA-w8qp-hmh5-4v9v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8qp-hmh5-4v9v
2
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-w8qp-hmh5-4v9v
reference_id GHSA-w8qp-hmh5-4v9v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-w8qp-hmh5-4v9v
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.17
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-7sz7-dqqq-yfdd
2
vulnerability VCID-jjry-usfr-dqfy
3
vulnerability VCID-tsqp-6yut-77b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.17
aliases GHSA-w8qp-hmh5-4v9v, GMS-2022-1044
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5buq-dxsm-t3b9
3
url VCID-7sz7-dqqq-yfdd
vulnerability_id VCID-7sz7-dqqq-yfdd
summary Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2024-002-file-validation-and-workflow-stages
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2024-002-file-validation-and-workflow-stages
1
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
2
reference_url https://github.com/ezsystems/ezplatform-kernel/commit/7e472317f7c75f45f72f74c38406952d8bea0de1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/commit/7e472317f7c75f45f72f74c38406952d8bea0de1
3
reference_url https://github.com/advisories/GHSA-mwvh-p3hx-x4gg
reference_id GHSA-mwvh-p3hx-x4gg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwvh-p3hx-x4gg
4
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-mwvh-p3hx-x4gg
reference_id GHSA-mwvh-p3hx-x4gg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-mwvh-p3hx-x4gg
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.35
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.35
1
url pkg:composer/ezsystems/ezplatform-kernel@4.0.0-alpha1
purl pkg:composer/ezsystems/ezplatform-kernel@4.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@4.0.0-alpha1
aliases GHSA-mwvh-p3hx-x4gg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sz7-dqqq-yfdd
4
url VCID-93qx-tphk-qbhg
vulnerability_id VCID-93qx-tphk-qbhg
summary An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
reference_id
reference_type
scores
0
value 0.00542
scoring_system epss
scoring_elements 0.68148
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
3
reference_url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
4
reference_url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
5
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
reference_id 29fecd2afe86f763510f10c02f14962d028f311b
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/
url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
6
reference_url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
7
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.1%2B1
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.1%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.1%252B1
1
url pkg:composer/ezsystems/ezplatform-kernel@1.3.1.1
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-5buq-dxsm-t3b9
2
vulnerability VCID-7sz7-dqqq-yfdd
3
vulnerability VCID-jjry-usfr-dqfy
4
vulnerability VCID-tsqp-6yut-77b3
5
vulnerability VCID-xnh2-tppm-t3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.1.1
aliases CVE-2021-46875, GHSA-mrvj-7q4f-5p42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93qx-tphk-qbhg
5
url VCID-bcfu-e9ts-w3ac
vulnerability_id VCID-bcfu-e9ts-w3ac
summary Login timing attack in ezsystems/ezplatform-kernel
references
0
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
1
reference_url https://github.com/advisories/GHSA-342c-vcff-2ff2
reference_id GHSA-342c-vcff-2ff2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-342c-vcff-2ff2
2
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
reference_id GHSA-342c-vcff-2ff2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.19
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-7sz7-dqqq-yfdd
2
vulnerability VCID-tsqp-6yut-77b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.19
aliases GHSA-342c-vcff-2ff2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bcfu-e9ts-w3ac
6
url VCID-jjry-usfr-dqfy
vulnerability_id VCID-jjry-usfr-dqfy
summary An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48366
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48366
1
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48366
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-48366
3
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
reference_id GHSA-342c-vcff-2ff2
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
4
reference_url https://github.com/advisories/GHSA-66m4-gc8h-hpjx
reference_id GHSA-66m4-gc8h-hpjx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66m4-gc8h-hpjx
5
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
reference_id GHSA-xfqg-p48g-hh94
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
6
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
reference_id ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.19
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-7sz7-dqqq-yfdd
2
vulnerability VCID-tsqp-6yut-77b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.19
aliases CVE-2022-48366, GHSA-66m4-gc8h-hpjx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jjry-usfr-dqfy
7
url VCID-pjyp-wjua-9kcg
vulnerability_id VCID-pjyp-wjua-9kcg
summary 
Duplicate Advisory: Cross Site Scripting in eZ Platform Ibexa Kernel
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-mrvj-7q4f-5p42. This link is maintained to preserve external references.

## Original Description
## Impact

In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims.
Patches

## Patches

The fix consists simply of adding common types of scriptable file types to the configuration of the already existing filetype blacklist feature. See "Patched versions". As such, this can also be done manually, without installing the patched versions. This may be relevant if you are currently running a considerably older version of the kernel package and don't want to upgrade it at this time. Please see the settting "ezsettings.default.io.file_storage.file_type_blacklist" at:
https://github.com/ezsystems/ezplatform-kernel/blob/master/eZ/Bundle/EzPublishCoreBundle/Resources/config/default_settings.yml#L109
Important note

## Important note

You should adapt this setting to your needs. Do not add file types to the blacklist that you actually need to be able to upload. For instance, if you need your editors to be able to upload SVG files, then don't blacklist that. Instead, you could e.g. use an approval workflow for such content.
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
2
reference_url https://github.com/advisories/GHSA-c737-jhwr-fqxj
reference_id GHSA-c737-jhwr-fqxj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c737-jhwr-fqxj
3
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.1%2B1
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.1%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.1%252B1
1
url pkg:composer/ezsystems/ezplatform-kernel@1.3.1.1
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-5buq-dxsm-t3b9
2
vulnerability VCID-7sz7-dqqq-yfdd
3
vulnerability VCID-jjry-usfr-dqfy
4
vulnerability VCID-tsqp-6yut-77b3
5
vulnerability VCID-xnh2-tppm-t3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.1.1
aliases GHSA-c737-jhwr-fqxj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjyp-wjua-9kcg
8
url VCID-tsqp-6yut-77b3
vulnerability_id VCID-tsqp-6yut-77b3
summary 
Ibexa ezplatform-kernel download route allows filename change
### Impact
The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and confusion, and possibly other harm. As such it is a low severity vulnerability. It affects all supported versions of Ibexa DXP and eZ Platform, in installations where downloadable files exist.

### Patches
The issue is fixed in all supported versions of ezsystems/ezplatform-kernel, see "Patched versions".
An advisory is also published for ezsystems/ezpublish-kernel and ibexa/core, please see those repositories.
Commit: https://github.com/ezsystems/ezplatform-kernel/commit/affa2520e5e986e477ca7f7c93b9ca2c30188063

### Workarounds
None, other than blocking all downloads.

### References
https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads
1
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
2
reference_url https://github.com/ezsystems/ezplatform-kernel/commit/affa2520e5e986e477ca7f7c93b9ca2c30188063
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/commit/affa2520e5e986e477ca7f7c93b9ca2c30188063
3
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-gv2c-5g79-h73c
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-gv2c-5g79-h73c
4
reference_url https://github.com/advisories/GHSA-gv2c-5g79-h73c
reference_id GHSA-gv2c-5g79-h73c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv2c-5g79-h73c
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.34
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7sz7-dqqq-yfdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.34
1
url pkg:composer/ezsystems/ezplatform-kernel@4.0.0-alpha1
purl pkg:composer/ezsystems/ezplatform-kernel@4.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@4.0.0-alpha1
aliases GHSA-gv2c-5g79-h73c, GMS-2023-3987
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsqp-6yut-77b3
9
url VCID-xnh2-tppm-t3ff
vulnerability_id VCID-xnh2-tppm-t3ff
summary Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25336
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40848
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25336
1
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
2
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25336
reference_id CVE-2022-25336
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25336
4
reference_url https://github.com/advisories/GHSA-x8xx-x82q-42q3
reference_id GHSA-x8xx-x82q-42q3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8xx-x82q-42q3
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.12
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-5buq-dxsm-t3b9
2
vulnerability VCID-7sz7-dqqq-yfdd
3
vulnerability VCID-jjry-usfr-dqfy
4
vulnerability VCID-tsqp-6yut-77b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.12
1
url pkg:composer/ezsystems/ezplatform-kernel@7.5.26
purl pkg:composer/ezsystems/ezplatform-kernel@7.5.26
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@7.5.26
aliases CVE-2022-25336, GHSA-x8xx-x82q-42q3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnh2-tppm-t3ff
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.0