Demo Free trial Request quote Contact me
Vulnerability in Episerver detected by Holm Security
Holm Security’s security team is working hard to detect new vulnerabilities in widely used CMS systems. Many of our customers use Episerver, where we recently discovered a vulnerability. The websites affected range from government agencies to large companies.
By Stefan Thelberg Topics: Public sector, Vulnerability assessment

Holm Security discovered a vulnerability in EPiServer’s SiteSeeker product. The vulnerability means that JavaScript in affected web pages can be modified to include malware from another seemingly trustworthy domain. EPiServer has been informed of the vulnerability and they have developed a hotfix for this vulnerability in EPiServer CMS version 11.0.1. EPiServer refers customers to “EPiServer internal ticket ID: ESEE-61”.

Some examples of affected web pages are:

  • The National Board of Housing, Building and Planning
  • MSB
  • Region Östergötland
  • Lerum municipality
  • Energy Agency
  • The Swedish Transport Administration
  • TRR Trygghetsrådet
  • The Public Health Agency of Sweden
  • Västervik municipality
  • Gävle fastigheter (real estate)
  • Kalmar county council
  • Red Cross
  • ESF Council
  • Konstfack
  • Värmland county council
  • The Financial Supervisory Authority of Sweden
About the author
Founder and CEO of Holm Security. Stefan is one of Sweden's most prominent cyber security entrepreneurs, previously founded the Swedish Webhosting Group and Stay Secure. Stay Secure was the largest email security provider in northern Europe. He has worked with sales of IT security products towards the private and public sector for close to 20 years.

Stefan Thelberg
+46 (0)739-99 33 12