MEDIUM🇬🇧 English

CVE-2015-0923

CVSS 5.0v2.0pub. 2015-02-14upd. 2026-05-06

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Ektron Content Management System

    APP
    Ektron
    8.5.08.7.08.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2012-5358CRITICAL9.8ten sam produkt

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XS...

CVE-2012-5357CRITICAL9.8ten sam produkt

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript s...

CVE-2016-6133MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.1...

CVE-2016-6201MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0...

CVE-2015-3624MEDIUM5.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektro...