NuytsTech Security

CVE-2010-2671

by ·

Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.

Date published : 2010-07-08

http://www.securityfocus.com/bid/38985

http://ez.no/de/content/download/321164/3192243/version/1/file/16396.diff

Tags: