Description
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.
Exploits (1)
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74937
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/37296/
Exploit x_refsource_misc
http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/
Exploit x_refsource_misc
http://packetstormsecurity.com/files/132104/Ektron-CMS-9.10-SP1-Cross-Site-Request-Forgery.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535646/100/0/threaded
Scores
EPSS
0.0075
EPSS Percentile
73.2%
Details
CWE
CWE-352
Status
published
Products (1)
ektron/ektron_content_management_system
< 9.1
Published
Jun 09, 2015
Tracked Since
Feb 18, 2026