Release date:
Updated on:
Affected Systems:
Ektron CMS 8.7.
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66940
CVE (CAN) ID: CVE-2014-2729
Ektron CMS is an enterprise-level Web content management system.
Ektron CMS versions earlier than 8.7.0.055.2.015 contain a cross-site scripting vulnerability in the category0 HTTP parameter of the affected pages. The application stores specially crafted JavaScript injected by attackers and executes it when these affected pages are loaded.
<* Source: Joseph Zeng Xianbo
Link: http://www.securityfocus.com/archive/1/531853
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Ektron
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ektron.com/