Total: 9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23049 | 1 Exponentcms | 1 Exponent Cms | 2022-02-17 | 3.5 LOW | 5.4 MEDIUM |
| Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session. | |||||
| CVE-2022-23047 | 1 Exponentcms | 1 Exponent Cms | 2022-02-16 | 3.5 LOW | 4.8 MEDIUM |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site". | |||||
| CVE-2015-1177 | 1 Exponentcms | 1 Exponent Cms | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | |||||
| CVE-2016-9284 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||||
| CVE-2016-9285 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | |||||
| CVE-2016-9286 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | |||||
| CVE-2017-8085 | 1 Exponentcms | 1 Exponent Cms | 2017-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | |||||
| CVE-2015-8667 | 1 Exponentcms | 1 Exponent Cms | 2017-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | |||||
| CVE-2015-8684 | 1 Exponentcms | 1 Exponent Cms | 2017-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | |||||
