The XSLTCompiledTransform function in Ektron Content Management System (CMS) prior to 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote malicious users to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
Vulnerable Product |
---|
ektron ektron content management system |
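
The setting named in the description corresponds to the first constructor argument of .NET's `XsltSettings`. The following is an added example, not Ektron's code and not part of the original entry, showing that weak setting beside a hardened load of an untrusted stylesheet. The class name, the `Transform` helper, the sample stylesheet and the file name `placeholder.xml` are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Xsl;

static class XsltHardeningDemo
{
    // Constructed sample: a stylesheet that calls document() on a placeholder file name.
    const string UntrustedXsl = @"<xsl:stylesheet version='1.0'
        xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>
      <xsl:template match='/'>
        <out><xsl:copy-of select=""document('placeholder.xml')""/></out>
      </xsl:template>
    </xsl:stylesheet>";

    // Weak: enableDocumentFunction = true, the configuration the description names.
    static readonly XsltSettings Weak = new XsltSettings(true, false);

    // Hardened: document() and embedded script both disabled (equivalent to XsltSettings.Default).
    static readonly XsltSettings Hardened = new XsltSettings(false, false);

    // Runs the stylesheet; an XsltException is raised if it uses a prohibited feature.
    static string Transform(string xsl, string xml, XsltSettings settings)
    {
        // No DTDs and no resolver, so parsing the inputs cannot pull in external entities.
        var readerSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var xslt = new XslCompiledTransform();
        using (var xslReader = XmlReader.Create(new StringReader(xsl), readerSettings))
            xslt.Load(xslReader, settings, null); // null resolver: xsl:import / xsl:include are not fetched
        using (var xmlReader = XmlReader.Create(new StringReader(xml), readerSettings))
        using (var output = new StringWriter())
        {
            xslt.Transform(xmlReader, null, output);
            return output.ToString();
        }
    }

    static void Main()
    {
        try
        {
            // Only the hardened settings are exercised here; Weak is shown for contrast.
            Console.WriteLine(Transform(UntrustedXsl, "<root/>", Hardened));
        }
        catch (XsltException ex)
        {
            Console.WriteLine("Rejected stylesheet: " + ex.Message);
        }
    }
}
```

When reviewing code that accepts user-supplied XSL, search for `new XsltSettings(true` and for `XsltSettings.TrustedXslt`, which enables both `document()` and script.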