MEDIUM🇬🇧 English

CVE-2015-0931

CVSS 6.8v2.0pub. 2015-02-14upd. 2026-05-06

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Ektron Content Management System

    APP
    Ektron
    8.5.08.7.08.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2012-5358CRITICAL9.8ten sam produkt

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XS...

CVE-2012-5357CRITICAL9.8ten sam produkt

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript s...

CVE-2016-6133MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.1...

CVE-2016-6201MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0...

CVE-2015-3624MEDIUM5.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektro...

CVE-2015-0931 — MEDIUM 6.8 | CVEbaza.pl