Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ektron ektron content management system vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-0923
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1 allows remote malicious users to read arbitrary files via an external entity declaration in conjunction with an entity reference wit...
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
6.8
CVSSv2
CVE-2015-0931
Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote malicious users to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
3.5
CVSSv2
CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_...
Ektron Ektron Content Management System
4.3
CVSSv2
CVE-2016-6133
Cross-site scripting (XSS) vulnerability in Ektron Content Management System prior to 9.1.0.184SP3(9.1.0.184.3.127) allows remote malicious users to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.
Ektron Ektron Content Management System
4.3
CVSSv2
CVE-2016-6201
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) prior to 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote malicious users to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
Ektron Ektron Content Management System
7.5
CVSSv2
CVE-2012-5357
Ektron Content Management System (CMS) prior to 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote malicious users to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Ektron Ektron Content Management System
1 EDB exploit
7.5
CVSSv2
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) prior to 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote malicious users to read arbitrary files and consequently bypass authentication, modify viewstate, cause a...
Ektron Ektron Content Management System
5.8
CVSSv2
CVE-2015-3624
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.120) allows remote malicious users to hijack the authentication of content administrators for reque...
Ektron Ektron Content Management System
1 EDB exploit
3.5
CVSSv2
CVE-2014-2729
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 prior to 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Propertie...
Ektron Ektron Content Management System 8.7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started