Ektron Content Management System (CMS) prior to 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote malicious users to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ektron ektron content management system |