GHSA-r7pm-mw8g-p7px

Suggest an improvement
Source
https://github.com/advisories/GHSA-r7pm-mw8g-p7px
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r7pm-mw8g-p7px/GHSA-r7pm-mw8g-p7px.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-r7pm-mw8g-p7px
Published
2025-06-13T14:47:43Z
Modified
2025-06-13T15:48:39.371219Z
Severity
  • 6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N CVSS Calculator
Summary
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office
Details

Impact

This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless.

Patches

  • See "Patched versions".
  • https://github.com/ezsystems/ezplatform-admin-ui/commit/acaa620d4ef44e7c20908dc389d48064f2c19e6d

Workarounds

None.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-13T14:47:43Z",
    "severity": "MODERATE"
}
References

Affected packages

Packagist / ezsystems/ezplatform-admin-ui

Package

Name
ezsystems/ezplatform-admin-ui
Purl
pkg:composer/ezsystems/ezplatform-admin-ui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0-beta1
Fixed
2.3.38

Affected versions

v2.*

v2.3.0-beta1
v2.3.0-rc1
v2.3.0-rc2
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.18
v2.3.19
v2.3.20
v2.3.21
v2.3.22
v2.3.23
v2.3.24
v2.3.25
v2.3.26
v2.3.27
v2.3.28
v2.3.29
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37