MEDIUM🇬🇧 English

CVE-2016-6133

CVSS 6.1v3.0pub. 2017-07-25upd. 2026-05-13

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Ektron Content Management System

    APP
    Ektron
    ≤ 9.10
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2012-5357CRITICAL9.8ten sam produkt

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript s...

CVE-2012-5358CRITICAL9.8ten sam produkt

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XS...

CVE-2016-6201MEDIUM6.1ten sam produkt

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0...

CVE-2015-3624MEDIUM5.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektro...

CVE-2015-0923MEDIUM5.0ten sam produkt

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8...