CVE-2014-2729

Name of the Vulnerable Software and Affected Versions Ektron CMS 8.7 versions prior to 8.7.0.055

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter in the content.aspx file. This occurs when the Subjects tab in the View Properties menu option is displayed, and the category0 parameter is not properly handled.

Recommendations For Ektron CMS 8.7 versions prior to 8.7.0.055, update to version 8.7.0.055 or later to resolve the issue. As a temporary workaround, consider restricting access to the content.aspx file or disabling the Subjects tab in the View Properties menu option until a patch is applied. Avoid using the category0 parameter in the affected content.aspx file until the issue is resolved.