CSRF in Ektron Ektron_content_management_system
CVE-2015-3624
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.008 (73.6th percentile) — read the EPSS interpretation.
Affected products
- Ektron Ektron_content_management_system
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 74937 (vdb-entry, x_refsource_BID)
- 37296 (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20150531 Ektron CMS 9.10 SP1 - CSRF Vulnerability (mailing-list, x_refsource_BUGTRAQ)
Frequently asked questions
- What is CVE-2015-3624?
- CVE-2015-3624 is a vulnerability in Ektron Ektron_content_management_system, classified under Cross-Site Request Forgery (CSRF). Published 2015-06-09.
- Is CVE-2015-3624 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.