2 matches found
CVE-2014-6635
CVE-2014-6635 affects Exponent CMS 2.3.0, exposing a cross-site scripting (XSS) flaw in the src parameter of the search action to index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML. CVSS v2 base score is 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Exploitation statu...
Exponent CMS 2.3.0 Cross Site Scripting
Title: exponent-2.3.0 CMS index.php POST Reflected XSS Severity: High CVE-ID: To Be Assigned Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please use website...