EPiServer CMS Cross Site Scripting and Security Bypass Vulnerabilities

EPiServer CMS is prone to the following vulnerabilities:

1. A security-bypass vulnerability.

2. A cross-site scripting vulnerability.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.

The following versions are affected:

EPiServer CMS 5
EPiServer CMS 6


Privacy Statement
Copyright 2010, SecurityFocus