6 matches found
Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - Cross-Site Request Forgery
Ektron CMS 9.10 SP1 Build 9.1.0.184.1.114 - Cross-Site Request Forgery Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = TIMELINE – 07/04/2015: Vulnerability found – 07/04/2015: Vendor informed – 08/04/2015:...
Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - CSRF Vulnerability
Exploit for php platform in category web applications Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = TIMELINE – 07/04/2015: Vulnerability found – 07/04/2015: Vendor informed – 08/04/2015: Vendor responded...
Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - Cross-Site Request Forgery
Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = TIMELINE – 07/04/2015: Vulnerability found – 07/04/2015: Vendor informed – 08/04/2015: Vendor responded and acknowledged - 01/05/2015: MITRE issued CVE...
CVE-2015-3624
CVE-2015-3624 describes a CSRF vulnerability in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.120). The flaw is in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx and can allow an attacker to hijack a content administrator’s authenticated session to perform a dele...
Ektron CMS 9.10 SP1 - CSRF Vulnerability
Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.114 Patched version: 9.10 SP1 Build 9.1.0.184.1.120 CVE ID: CVE-2015-3624 Credit: Jerold Hoong PROOF OF CONCEPT CSRF Cross-site...
Ektron CMS 9.10 SP1 Cross Site Request Forgery
Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = TIMELINE 07/04/2015: Vulnerability found 07/04/2015: Vendor informed 08/04/2015: Vendor responded and acknowledged - 01/05/2015: MITRE issued CVE numbe...