CVE-2005-4855 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2005-4855?

CVE-2005-4855 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-4855?

Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.

Vulnerability Description

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ez	Ez Publish	>= 3.5.0, < 3.5.5

Related Weaknesses (CWE)

CWE-264

References

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_xVendor Advisory
http://issues.ez.no/5984Vendor Advisory
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_xVendor Advisory
http://issues.ez.no/5984Vendor Advisory

FAQ

What is CVE-2005-4855?

CVE-2005-4855 is a vulnerability with a CVSS score of 3.5 (LOW). Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, w...

How severe is CVE-2005-4855?

CVE-2005-4855 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4855?

Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.