Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ektron ektron content management system vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-0923
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1 allows remote malicious users to read arbitrary files via an external entity declaration in conjunction with an entity reference wit...
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
NA
CVE-2015-0931
Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote malicious users to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
NA
CVE-2015-3624
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.120) allows remote malicious users to hijack the authentication of content administrators for reque...
Ektron Ektron Content Management System
1 EDB exploit
NA
CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_...
Ektron Ektron Content Management System
9.8
CVSSv3
CVE-2012-5357
Ektron Content Management System (CMS) prior to 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote malicious users to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Ektron Ektron Content Management System
1 EDB exploit
6.1
CVSSv3
CVE-2016-6133
Cross-site scripting (XSS) vulnerability in Ektron Content Management System prior to 9.1.0.184SP3(9.1.0.184.3.127) allows remote malicious users to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.
Ektron Ektron Content Management System
6.1
CVSSv3
CVE-2016-6201
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) prior to 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote malicious users to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
Ektron Ektron Content Management System
9.8
CVSSv3
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) prior to 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote malicious users to read arbitrary files and consequently bypass authentication, modify viewstate, cause a...
Ektron Ektron Content Management System
NA
CVE-2014-2729
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 prior to 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Propertie...
Ektron Ektron Content Management System 8.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started