DATE | CVE | VULNERABILITY TITLE | RISK

2017-07-25 | CVE-2016-6133 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1 | 4.3
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.
network, ektron, CWE-79

2017-07-03 | CVE-2016-6201 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1 | 4.3
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
network, ektron, CWE-79

2015-06-09 | CVE-2015-4427 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1 | 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
network, ektron, CWE-79

2015-06-09 | CVE-2015-3624 | Cross-Site Request Forgery (CSRF) vulnerability in Ektron Content Management System 8.7.0/9.1 | 5.8
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.
network, ektron, CWE-352