Ektron Content Management System Security Vulnerabilities and Issues — Ektron Content Management System CVE List

Lucene search

EktronEktron Content Management System

9 matches found

CVE•added 2017/10/30 2:29 p.m.•121 views

CVE-2012-5357

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

9.8CVSS9.6AI score0.82595EPSS

CVE•added 2015/06/09 2:59 p.m.•52 views

CVE-2015-3624

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via...

5.8CVSS7AI score0.00751EPSS

CVE•added 2015/02/14 3:1 a.m.•43 views

CVE-2015-0923

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named i...

5CVSS6.9AI score0.77782EPSS

CVE•added 2014/04/25 2:15 p.m.•35 views

CVE-2014-2729

Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.

3.5CVSS5.3AI score0.00179EPSS

CVE•added 2017/10/30 2:29 p.m.•33 views

CVE-2012-5358

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or poss...

9.8CVSS9.9AI score0.00768EPSS

CVE•added 2015/02/14 3:1 a.m.•32 views

CVE-2015-0931

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

6.8CVSS7.9AI score0.02694EPSS

CVE•added 2017/07/25 8:29 p.m.•32 views

CVE-2016-6133

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.

6.1CVSS6AI score0.00215EPSS

CVE•added 2017/07/03 4:29 p.m.•27 views

CVE-2016-6201

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.

6.1CVSS6AI score0.00196EPSS

CVE•added 2015/06/09 2:59 p.m.•25 views

CVE-2015-4427

Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType p...

3.5CVSS5.5AI score0.0018EPSS