CVE-2005-4855 Information

Description

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5 3.6 before 3.6.2 3.7 before 3.7.0rc2 and 3.8 before 20050922 does not restrict Image datatype uploads to image content types which allows remote authenticated users to upload certain types of files as demonstrated by .js files which may enable cross-site scripting (XSS) attacks or other attacks.

Reference

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 http://issues.ez.no/5984