CVE-2012-1034

EPiServer CMS <6R2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

[Vendor Advisory] http://secunia.com/advisories/47910

[Various Sources] http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/

[Various Sources] http://world.episerver.com/PageFiles/110367/BugList.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51877

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (10)

episerver/episerver_cms

n/a/n/a

Timeline

Published Feb 08, 2012

Tracked Since Feb 18, 2026