Vulnerabilities > Ektron > Low

DATE CVE VULNERABILITY TITLE RISK
2015-06-09 CVE-2015-4427 Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
network
ektron CWE-79
3.5
3.5
2014-04-25 CVE-2014-2729 Cross-Site Scripting vulnerability in Ektron Content Management System 8.7.0
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.
network
ektron CWE-79
3.5
3.5