Vulnerability Details CVE-2012-5357
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.826
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm
- https://technet.microsoft.com/library/security/msvr12-016
- https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/
- https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec
- http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm
- https://technet.microsoft.com/library/security/msvr12-016
- https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/
- https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec
Products affected by CVE-2012-5357
-
cpe:2.3:a:ektron:ektron_content_management_system:8.02