Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2729

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-2729
Last Modified 25 Apr 2014 01:51:50
Published 25 Apr 2014 10:15:30
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2729

Summary

Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.

Vulnerable Systems

Application

  • Ektron Content Management System 8.7.0


References

BUGTRAQ - 20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7

BUGTRAQ - 20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7

MISC - http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:05:06