2 matches found
CVE-2015-0931
Ektron CMS versions 8.5, 8.7 before 8.7sp2, and 9.0 before sp1 are affected. When the Saxon XSLT parser is used, a crafted XSLT document can trigger a resource injection vulnerability that allows remote execution of arbitrary code on the server (in the application’s privileges). Root cause: impro...
CVE-2015-0931
Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...