CVE-2012-5357

critical

Description

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

References

https://technet.microsoft.com/library/security/msvr12-016

http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm

Details

Source: Mitre, NVD

Published: 2017-10-30

Updated: 2017-11-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics