CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
73.7%
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a “resource injection” issue.
Vendor | Product | Version | CPE |
---|---|---|---|
ektron | ektron_content_management_system | 8.5.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.5.0:*:*:*:*:*:*:* |
ektron | ektron_content_management_system | 8.7.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:*:*:*:*:*:*:* |
ektron | ektron_content_management_system | 8.7.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:sp1:*:*:*:*:*:* |
ektron | ektron_content_management_system | 8.9.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.9.0:*:*:*:*:*:*:* |