Ektron Ektron_content_management_system
9 CVEs affecting Ektron Ektron_content_management_system. Latest disclosed: 2017-10-30. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2012-5358 | Critical | 9.8 | 2017-10-30 | The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which… |
CVE-2012-5357 | Critical | 9.8 | 2017-10-30 | Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to exec… |
CVE-2016-6133 | Medium | 6.1 | 2017-07-25 | Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary w… |
CVE-2016-6201 | Medium | 6.1 | 2017-07-03 | Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arb… |
CVE-2015-4427 | | 2015-06-09 | Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1… | |
CVE-2015-3624 | | 2015-06-09 | Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1… | |
CVE-2015-0931 | | 2015-02-14 | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arb… | |
CVE-2015-0923 | | 2015-02-14 | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote… | |
CVE-2014-2729 | | 2014-04-25 | Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or… |