CVE-2015-0931
Ektron Content Management System 8.5, 8.7 < 8.7sp2, 9.0 < sp1 - Remote Code Execution via Crafted XSLT Document
Title source: llmDescription
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/377644
Scores
EPSS
0.0244
EPSS Percentile
82.3%
Details
CWE
CWE-74
Status
published
Products (3)
ektron/ektron_content_management_system
8.5.0
ektron/ektron_content_management_system
8.7.0 (2 CPE variants)
ektron/ektron_content_management_system
8.9.0
Published
Feb 14, 2015
Tracked Since
Feb 18, 2026