Описание
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ektron:ektron_content_management_system:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:ektron:ektron_content_management_system:8.9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03615
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
github
больше 3 лет назад
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
EPSS
Процентиль: 87%
0.03615
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-74