VYPR
Critical severity9.8NVD Advisory· Published Oct 30, 2017· Updated Jun 16, 2026

CVE-2012-5358

CVE-2012-5358

Description

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:ektron:ektron_content_management_system:*:sp4:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ektron:ektron_content_management_system:*:sp4:*:*:*:*:*:*range: <=8.02
    • (no CPE)range: <8.02 SP5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.