MEDIUM🇵🇱 Wersja polska

CVE-2015-3624

CVSS 5.8v2.0pub. 2015-06-09upd. 2026-05-06

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:P
  • Ektron Content Management System

    APP
    Ektron
    ≤ 9.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2012-5358CRITICAL9.8ten sam produkt

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XS...

CVE-2012-5357CRITICAL9.8ten sam produkt

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript s...

CVE-2016-6133MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.1...

CVE-2016-6201MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0...

CVE-2015-0931MEDIUM6.8ten sam produkt

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parse...