Lucene search

K
cve[email protected]CVE-2015-4427
HistoryJun 09, 2015 - 2:59 p.m.

CVE-2015-4427

2015-06-0914:59:08
CWE-79
web.nvd.nist.gov
15
cve-2015-4427
cross-site scripting
xss
ektron cms
security vulnerability
web script injection
html injection
nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

47.3%

Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.

Affected configurations

NVD
Node
ektronektron_content_management_systemRange9.1sp1
VendorProductVersionCPE
ektronektron_content_management_systemcpe:/a:ektron:ektron_content_management_system::sp1::

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

47.3%

Related for CVE-2015-4427