CVE-2012-5357
- EPSS 82.6%
- Published 30.10.2017 14:29:00
- Last modified 20.04.2025 01:37:25
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
CVE-2012-5358
- EPSS 0.58%
- Published 30.10.2017 14:29:00
- Last modified 20.04.2025 01:37:25
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, mod...
CVE-2016-6133
- EPSS 0.22%
- Published 25.07.2017 20:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGrou...
CVE-2016-6201
- EPSS 0.2%
- Published 03.07.2017 16:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to W...
CVE-2015-4427
- EPSS 0.18%
- Published 09.06.2015 14:59:08
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) p...
CVE-2015-3624
- EPSS 0.75%
- Published 09.06.2015 14:59:03
- Last modified 12.04.2025 10:46:40
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content ad...
CVE-2015-0931
- EPSS 3.62%
- Published 14.02.2015 03:01:19
- Last modified 12.04.2025 10:46:40
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
- EPSS 77.78%
- Published 14.02.2015 03:01:17
- Last modified 12.04.2025 10:46:40
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with a...
CVE-2014-2729
- EPSS 0.18%
- Published 25.04.2014 14:15:30
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjec...