{"api_version":"1","generated_at":"2026-07-03T15:52:15+00:00","cve":"CVE-2015-4427","urls":{"html":"https://cve.report/CVE-2015-4427","api":"https://cve.report/api/cve/CVE-2015-4427.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-4427","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-4427"},"summary":{"title":"CVE-2015-4427","description":"Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.","state":"PUBLISHED","assigner":"mitre","published_at":"2015-06-09 14:59:08","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"3.5","severity":"","vector":"AV:N/AC:M/Au:S/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/","name":"http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"CSRF and XSS Vulnerabilities in Ektron CMS 9.10 SP1 – x76 x30 x30 x64 x30 x30 x73 x65 x63","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/535647/100/0/threaded","name":"http://www.securityfocus.com/archive/1/535647/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/74942","name":"http://www.securityfocus.com/bid/74942","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ektron CMS Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html","name":"http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Ektron CMS 9.10 SP1 Cross Site Scripting ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-4427","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4427","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"4427","vulnerable":"1","versionEndIncluding":"9.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ektron","cpe5":"ektron_content_management_system","cpe6":"*","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T06:11:12.914Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20150531 Ektron CMS 9.10 SP1 - XSS Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/535647/100/0/threaded"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html"},{"name":"74942","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/74942"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-05-31T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-09T18:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20150531 Ektron CMS 9.10 SP1 - XSS Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/535647/100/0/threaded"},{"tags":["x_refsource_MISC"],"url":"http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html"},{"name":"74942","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/74942"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-4427","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20150531 Ektron CMS 9.10 SP1 - XSS Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/535647/100/0/threaded"},{"name":"http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/","refsource":"MISC","url":"http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/"},{"name":"http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/132105/Ektron-CMS-9.10-SP1-Cross-Site-Scripting.html"},{"name":"74942","refsource":"BID","url":"http://www.securityfocus.com/bid/74942"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2015-4427","datePublished":"2015-06-09T14:00:00.000Z","dateReserved":"2015-06-08T00:00:00.000Z","dateUpdated":"2024-08-06T06:11:12.914Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-06-09 14:59:08","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ektron:ektron_content_management_system:*:sp1:*:*:*:*:*:*","versionEndIncluding":"9.1","matchCriteriaId":"FB901F4A-422C-41FE-95EA-1AB8BAE5215B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"4427","Ordinal":"1","Title":"CVE-2015-4427","CVE":"CVE-2015-4427","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"4427","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.","Type":"Description","Title":"CVE-2015-4427"},{"CveYear":"2015","CveId":"4427","Ordinal":"2","NoteData":"2015-06-09","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"4427","Ordinal":"3","NoteData":"2018-10-09","Type":"Other","Title":"Modified"}]}}}