CRITICAL🇵🇱 Wersja polska

CVE-2012-5357

CVSS 9.8v3.0pub. 2017-10-30upd. 2026-05-13

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ektron Content Management System

    APP
    Ektron
    ≤ 8.02
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2012-5358CRITICAL9.8ten sam produkt

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XS...

CVE-2016-6133MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.1...

CVE-2016-6201MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0...

CVE-2015-3624MEDIUM5.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektro...

CVE-2015-0931MEDIUM6.8ten sam produkt

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parse...