CVE-2015-8684
CVE-2015-8684 affects Exponent CMS prior to 2.3.7. The flaw arises from insufficiently restricting upload file types, enabling an attacker to upload an HTML file and trigger cross-site scripting via the elFinder functionality. Impact described as remote XSS and possibly other unspecified effects....