Jens Nygård

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.

**Name of the Vulnerable Software and Affected Versions** EPiServer CMS versions prior to 7 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the admin interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For EPiServer CMS versions prior to 7, update to a version that includes the fix for this issue to prevent exploitation.