Vulnerabilities > Ektron

DATE | CVE | VULNERABILITY TITLE | RISK

2017-10-30 | CVE-2012-5358 | Data Processing Errors vulnerability in Ektron Content Management System 8.02 | critical 9.8
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
network | low complexity | ektron | CWE-19

2017-10-30 | CVE-2012-5357 | Data Processing Errors vulnerability in Ektron Content Management System 8.02 | critical 9.8
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
network | low complexity | ektron | CWE-19

2017-07-25 | CVE-2016-6133 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10 | 6.1
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.
network | low complexity | ektron | CWE-79

2017-07-03 | CVE-2016-6201 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10 | 6.1
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
network | low complexity | ektron | CWE-79