CVE-2009-4473

EUVD-2009-4440
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
ektroncms4000.net
7.6.0
ektroncms4000.net
7.6.0:sp1
ektroncms4000.net
7.6.0:sp2
ektroncms4000.net
7.6.1
ektroncms4000.net
7.6.1:sp1
ektroncms4000.net
7.6.1:sp2
ektroncms4000.net
7.6.1:sp3
ektroncms4000.net
7.6.1:sp4
ektroncms4000.net
7.6.1.53
ektroncms4000.net
7.6.5
ektroncms4000.net
7.6.5:sp1
ektroncms4000.net
7.6.5:sp2
ektroncms4000.net
7.6.5:sp3
ektroncms4000.net
7.6.6
ektroncms4000.net
7.6.6:sp1
ektroncms4000.net
7.6.6:sp2
ektroncms4000.net
7.6.6.47
ektroncms4000.net
7.52
ektroncms4000.net
7.53
ektroncms4000.net
7.53:sp2
ektroncms4000.net
7.54
ektroncms4000.net
7.54:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev.ektron.com/forum.aspx?g=posts&t=28048
http://dev.ektron.com/notices.aspx?id=19074
http://osvdb.org/57667
http://secunia.com/advisories/36591
http://www.securityfocus.com/bid/36279
https://exchange.xforce.ibmcloud.com/vulnerabilities/53043
http://dev.ektron.com/forum.aspx?g=posts&t=28048
http://dev.ektron.com/notices.aspx?id=19074
http://osvdb.org/57667
http://secunia.com/advisories/36591
http://www.securityfocus.com/bid/36279
https://exchange.xforce.ibmcloud.com/vulnerabilities/53043