Vulnerabilities > Ektron > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-30 | CVE-2012-5358 | Data Processing Errors vulnerability in Ektron Content Management System. The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data. | 7.5 |
2017-10-30 | CVE-2012-5357 | Data Processing Errors vulnerability in Ektron Content Management System. Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data. | 7.5 |
2008-11-18 | CVE-2008-5122 | SQL Injection vulnerability in Ektron CMS400.NET. SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. | 7.5 |