EPiServer CMS Cross Site Scripting and Security Bypass Vulnerabilities
EPiServer CMS is prone to the following vulnerabilities:
1. A security-bypass vulnerability.
2. A cross-site scripting vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
The following versions are affected:
EPiServer CMS 5
EPiServer CMS 6