XSS in Ektron Ektron_content_management_system
CVE-2014-2729
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (39.3th percentile) — read the EPSS interpretation.
Affected products
- Ektron Ektron_content_management_system — versions 8.7.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7 (mailing-list, x_refsource_BUGTRAQ)
- 20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7 (mailing-list, x_refsource_BUGTRAQ)