CVE-2014-2729
published 2014-04-25
Priority P4 · 12 · low · 3.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 0.97% (57.5th percentile)
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ektron | ektron_content_management_system | — | — |
VulDB
EPiServer Ektron CMS prior 8.7.0 content.aspx category0 cross site scripting (ID 126187)
vuldb·2026-05-12·CVSS 3.5
CVE-2014-2729 [LOW] EPiServer Ektron CMS prior 8.7.0 content.aspx category0 cross site scripting (ID 126187)
A vulnerability classified as problematic has been found in EPiServer Ektron CMS. Impacted is an unknown function of the file content.aspx. This manipulation of the argument category0 causes cross site scripting.
This vulnerability is handled as CVE-2014-2729. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
GHSA
GHSA-2w7h-pgq5-9g2m: Cross-site scripting (XSS) vulnerability in content
ghsa_unreviewed·2022-05-14
CVE-2014-2729 [LOW] CWE-79 GHSA-2w7h-pgq5-9g2m: Cross-site scripting (XSS) vulnerability in content
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/531852/100/0/threaded
http://www.securityfocus.com/archive/1/531853/100/0/threaded
2014-04-25
Published