The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
Max CVSS
9.8
EPSS Score
0.90%
Published
2017-10-30
Updated
2017-11-18

CVE-2012-5357

Public exploit
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Max CVSS
9.8
EPSS Score
96.68%
Published
2017-10-30
Updated
2017-11-18
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2008-11-18
Updated
2017-08-08
Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2008-08-06
Updated
2017-08-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!