cbcvebase.
CVE-2014-2729
published 2014-04-25

CVE-2014-2729: Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or…

PriorityP412low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
0.97%
57.5th percentile
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.

Affected

1 ranges
VendorProductVersion rangeFixed in
ektronektron_content_management_system
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.