### [CVE-2015-0931](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0931)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

### POC

#### Reference
- http://www.kb.cert.org/vuls/id/377644

#### Github
- https://github.com/ARPSyndicate/cvemon