VYPR

CMS

by Episerver

CVEs (11)

  • CVE-2017-17762HigAug 29, 2018
    risk 0.49cvss 7.5epss 0.05

    XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.

  • CVE-2025-27802MedJul 28, 2025
    risk 0.31cvss 4.8epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could…

  • CVE-2025-27801MedJul 28, 2025
    risk 0.31cvss 4.8epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which…

  • CVE-2025-27800MedJul 28, 2025
    risk 0.31cvss 4.8epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the…

  • CVE-2018-12596Oct 10, 2018
    risk 0.06cvss epss 0.22

    Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available…

  • CVE-2025-22389Jan 4, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When…

  • CVE-2025-22390Jan 4, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters,…

  • CVE-2025-22388Jan 4, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating…

  • CVE-2012-1032Sep 17, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2012-1034Feb 8, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1031Feb 8, 2012
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.