Vulnerabilities > CVE-2012-1031 - Cross-Site Scripting and Security Bypass vulnerability in EPiServer CMS

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

episerver

NVD

Published: 2012-02-08

Updated: 2012-02-14

Summary

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.

Vulnerable Configurations

Part	Description	Count
Application	Episerver Episerver Episerver CMS 5.1.422.4 Episerver Episerver CMS 5.1.422.122 Episerver Episerver CMS 5.1.422.256 Episerver Episerver CMS 5.1.422.267 Episerver Episerver CMS 5.2.375.7 Episerver Episerver CMS 5.2.375.133 Episerver Episerver CMS 5.2.375.236 Episerver Episerver CMS 6.0.530.0 Episerver Episerver CMS 6.1.379.0	9

Summary

Vulnerable Configurations

References