Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ektron ektron content management system vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-12596
Episerver Ektron CMS prior to 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote malicious users to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally...
Episerver Ektron Cms 9.00
Episerver Ektron Cms 9.10
Episerver Ektron Cms 9.20
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2012-5357
Ektron Content Management System (CMS) prior to 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote malicious users to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Ektron Ektron Content Management System
1 EDB exploit
9.8
CVSSv3
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) prior to 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote malicious users to read arbitrary files and consequently bypass authentication, modify viewstate, cause a...
Ektron Ektron Content Management System
6.1
CVSSv3
CVE-2016-6133
Cross-site scripting (XSS) vulnerability in Ektron Content Management System prior to 9.1.0.184SP3(9.1.0.184.3.127) allows remote malicious users to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.
Ektron Ektron Content Management System
6.1
CVSSv3
CVE-2016-6201
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) prior to 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote malicious users to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
Ektron Ektron Content Management System
NA
CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_...
Ektron Ektron Content Management System
NA
CVE-2015-3624
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.120) allows remote malicious users to hijack the authentication of content administrators for reque...
Ektron Ektron Content Management System
1 EDB exploit
NA
CVE-2015-0923
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1 allows remote malicious users to read arbitrary files via an external entity declaration in conjunction with an entity reference wit...
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
NA
CVE-2015-0931
Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote malicious users to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
NA
CVE-2014-2729
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 prior to 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Propertie...
Ektron Ektron Content Management System 8.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started