XSS in Ektron Ektron_content_management_system

CVE-2015-4427

Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML vi…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (39.4th percentile) — read the EPSS interpretation.

Affected products

Ektron Ektron_content_management_system
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20150531 Ektron CMS 9.10 SP1 - XSS Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
74942 (vdb-entry, x_refsource_BID)