Ektron Ektron Content Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Ektron Ektron Content Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2012-5357 — CVSS 9.8 (critical): Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows…
CVE-2012-5358 — CVSS 9.8 (critical): The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction…
CVE-2015-0931 — CVSS 6.8 (medium): Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote…
CVE-2016-6133 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers…
CVE-2016-6201 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote…
CVE-2015-3624 — CVSS 5.8 (medium): Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System…
CVE-2015-0923 — CVSS 5.0 (medium): The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0…
CVE-2014-2729 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject…
CVE-2015-4427 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10…