Unrated severityNVD Advisory· Published Feb 14, 2015· Updated May 6, 2026

CVE-2015-0931

Description

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

Affected products

Ektron/Ektron Content Management System4 versions
cpe:2.3:a:ektron:ektron_content_management_system:8.5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ektron:ektron_content_management_system:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:ektron:ektron_content_management_system:8.9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/377644nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000