Security Advisories

Learn how to report security issues - Read Ibexa's security policy - Check out our security blog posts

IBEXA-SA-2021-002: /user/sessions endpoint allows detecting valid accounts

IBEXA-SA-2021-001: SQL injection vulnerability in EcontentController

IBEXA-SA-2020-007: Failing access control in system info view

IBEXA-SA-2020-006: Object Injection in legacy shop module

EZSA-2020-005: Editor XSS, and trashed drafts in review queue

EZSA-2020-004: Object Injection in SiteAccessMatchListener

EZSA-2020-003: XSS in DemoBundle/ezdemo bundled VideoJS

EZSA-2020-002: Unauthorised cache purge with misconfigured Fastly

EZSA-2020-001: Remote code execution in file uploads

EZSA-2019-008: Remote code execution in PHP-FPM

1
2
3
4
5