[MEDIUM] eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget

PKSA-ymm8-s8yx-cf91 GHSA-gc5h-6jx9-q2qh

Affected version: >=3.3.0,<3.3.39

Reported by:
GitHub

[HIGH] eZ Platform Admin UI Cross-site Scripting vulnerability

PKSA-gjf9-6vtv-jgpj GHSA-q73v-79x3-jv2w

Affected version: >=1.4.0,<1.4.4|>=1.3.0,<1.3.5

Reported by:
GitHub

[HIGH] eZ Platform Password reset vulnerability

PKSA-zs94-4fzr-sfpn GHSA-cg84-55jx-4237

Affected version: >=1.4.0,<1.4.6

Reported by:
GitHub

[CRITICAL] eZ Platform users with the Company admin role can assign any role to any user

PKSA-jxny-cxn1-wv1s GHSA-pcpm-vc4v-cmvx

Affected version: >=2.3.0,<2.3.26|>=1.5.0,<1.5.29

Reported by:
GitHub

[CRITICAL] ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)

PKSA-n7hv-2v7b-q6sp GHSA-58h5-h554-429q

Affected version: >=2.3.0,<2.3.26

Reported by:
GitHub

[MEDIUM] ezplatform-admin-ui Cross-site Scripting (XSS) vulnerability

PKSA-5zsr-y194-ztv4 CVE-2019-12139 GHSA-99rh-vxmc-7wgf

Affected version: >=1.4,<1.4.4|>=1.3,<1.3.5

Reported by:
GitHub

[MEDIUM] EZSA-2019-002 Password reset vulnerability

PKSA-j563-yyj4-r9s9 GHSA-9jp8-cwwx-p64q

Affected version: >=1.4.0,<1.4.6

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] EZSA-2019-001 XSS in Admin UI

PKSA-g3qz-r7w1-gyzd GHSA-6v6p-g8cg-2hgg

Affected version: >=1.3.0,<1.3.5|>=1.4.0,<1.4.4

Reported by:
FriendsOfPHP/security-advisories, GitHub