Vulnerabilities > Ektron > Ektron Content Management System > 9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-25 | CVE-2016-6133 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1 Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | 4.3 |
2017-07-03 | CVE-2016-6201 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1 Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. | 4.3 |
2015-06-09 | CVE-2015-4427 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1 Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter. | 3.5 |
2015-06-09 | CVE-2015-3624 | Cross-Site Request Forgery (CSRF) vulnerability in Ektron Content Management System 8.7.0/9.1 Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action. | 5.8 |