CVE-2015-4427

{"id": "CVE-2015-4427", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-06-09T14:59:08.707", "references": [{"url": "http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/535647/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/74942", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/535647/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/74942", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Test/WorkArea/workarea.aspx en Ektron Content Management System (CMS) anterior a 9.10 SP1 (Build 9.1.0.184.1.114) permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro (1) page, (2) action, (3) folder_id, o (4) LangType."}], "lastModified": "2024-11-21T02:31:03.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ektron:ektron_content_management_system:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB901F4A-422C-41FE-95EA-1AB8BAE5215B", "versionEndIncluding": "9.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}