Vulnerabilities > Ericsson > Enterprise Content Management

DATE CVE VULNERABILITY TITLE RISK
2021-09-17 CVE-2021-41390 Injection vulnerability in Ericsson Enterprise Content Management 18.0
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
network
low complexity
ericsson CWE-74
8.0
8.0
2021-09-17 CVE-2021-41391 Cross-site Scripting vulnerability in Ericsson Enterprise Content Management 18.0
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.
network
low complexity
ericsson CWE-79
5.4
5.4