CVE-2016-6201

Name of the Vulnerable Software and Affected Versions Ektron Content Management System (CMS) versions prior to 9.1.0.184 SP3 (9.1.0.184.3.127)

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a "ViewContentByCategory" action to "WorkArea/content.aspx".

Recommendations For versions prior to 9.1.0.184 SP3 (9.1.0.184.3.127), update to version 9.1.0.184 SP3 (9.1.0.184.3.127) or later to resolve the issue. As a temporary workaround, consider restricting access to the "WorkArea/content.aspx" endpoint or avoiding the use of the ContType parameter in the "ViewContentByCategory" action until the update is applied.