An issue exists in eZ Platform Ibexa Kernel prior to 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
ibexa ez platform kernel