Gratis proefperiode Vraag een offerte aan Neem contact met me op
23March
Vulnerability in Episerver detected by Holm Security
Holm Security’s security team is working hard to detect new vulnerabilities in widely used CMS systems. Many of our customers use Episerver, where we recently discovered a vulnerability. The websites affected range from government agencies to large companies.
By Stefan Thelberg Topics: Public sector, Vulnerability assessment

Holm Security discovered a vulnerability in EPiServer’s SiteSeeker product. The vulnerability means that JavaScript in affected web pages can be modified to include malware from another seemingly trustworthy domain. EPiServer has been informed of the vulnerability and they have developed a hotfix for this vulnerability in EPiServer CMS version 11.0.1. EPiServer refers customers to “EPiServer internal ticket ID: ESEE-61”.

Some examples of affected web pages are:

  • The National Board of Housing, Building and Planning
  • MSB
  • Region Östergötland
  • Lerum municipality
  • Energy Agency
  • The Swedish Transport Administration
  • TRR Trygghetsrådet
  • The Public Health Agency of Sweden
  • Västervik municipality
  • Gävle fastigheter (real estate)
  • Kalmar county council
  • Red Cross
  • ESF Council
  • Konstfack
  • Värmland county council
  • The Financial Supervisory Authority of Sweden
About the author
Stefan has worked with IT security his entire career. He founded Stay Secure - the success company within email and web security.

Stefan Thelberg
+46 (0)739-99 33 12
stefan.thelberg@holmsecurity.com