CRITICAL🇬🇧 English

CVE-2012-5358

CVSS 9.8v3.0pub. 2017-10-30upd. 2026-05-13

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ektron Content Management System

    APP
    Ektron
    ≤ 8.02
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth BypassDoS
CWE
Referencje

Powiązane podatności

CVE-2012-5357CRITICAL9.8ten sam produkt

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript s...

CVE-2016-6133MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.1...

CVE-2016-6201MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0...

CVE-2015-3624MEDIUM5.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektro...

CVE-2015-0931MEDIUM6.8ten sam produkt

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parse...