Vulnerabilities > Ektron > Ektron Content Management System > High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-30	CVE-2012-5358	Data Processing Errors vulnerability in Ektron Content Management System The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data. network low complexity ektron CWE-19	7.5
2017-10-30	CVE-2012-5357	Data Processing Errors vulnerability in Ektron Content Management System Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data. network low complexity ektron CWE-19	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.