Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
References
Configurations
History
21 Nov 2024, 02:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html - Exploit | |
References | () http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/ - Exploit | |
References | () http://www.securityfocus.com/archive/1/535647/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/74942 - |
Information
Published : 2015-06-09 14:59
Updated : 2024-11-21 02:31
NVD link : CVE-2015-4427
Mitre link : CVE-2015-4427
CVE.ORG link : CVE-2015-4427
JSON object : View
Products Affected
ektron
- ektron_content_management_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')