Lucene search
K

591 matches found

CNVD
CNVD
added 2022/02/13 12:0 a.m.16 views

OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33602)

OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions.Exponent CMS has a cross-site scripting vulnerability, which...

4.8CVSS0.7AI score0.02936EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/13 12:0 a.m.16 views

OIC Exponent CMS File Upload Vulnerability

OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing, etc. Exponent CMS has a file upload vulnerability that stems from the application's...

7.2CVSS1.5AI score0.02074EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/13 12:0 a.m.21 views

OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33604)

OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. oic Exponent CMS has a cross-site scripting vulnerability,...

5.4CVSS0.7AI score0.03033EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.6 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

4.8CVSS5.8AI score0.02936EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.8 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

5.4CVSS5.9AI score0.03033EPSS
Exploits1References4
NVD
NVD
added 2022/02/09 11:15 p.m.16 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

4.8CVSS0.02936EPSS
Exploits1References3
NVD
NVD
added 2022/02/09 11:15 p.m.15 views

CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...

7.2CVSS0.02074EPSS
Exploits1References3
NVD
NVD
added 2022/02/09 11:15 p.m.21 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

5.4CVSS0.03033EPSS
Exploits1References3
Prion
Prion
added 2022/02/09 11:15 p.m.18 views

Design/Logic Flaw

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...

6.5CVSS7AI score0.02074EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.16 views

Code injection

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

3.5CVSS5.1AI score0.02936EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.17 views

Session fixation

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

3.5CVSS5.5AI score0.03033EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/09 10:3 p.m.13 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

5.4CVSS6.7AI score0.03033EPSS
Exploits1References5
CVE
CVE
added 2022/02/09 10:3 p.m.119 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 is affected by a vulnerability where an authenticated user can inject persistent JavaScript in the User-Agent header at login. When an administrator visits the User Sessions tab, the injected script is executed, enabling session compromise of the administrator. The availa...

5.4CVSS5.4AI score0.03033EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/02/09 10:3 p.m.22 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

5.7AI score0.03033EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/09 10:3 p.m.17 views

CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...

7.3AI score0.02074EPSS
Exploits1References3
OSV
OSV
added 2022/02/09 10:3 p.m.16 views

CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...

7.2CVSS7AI score0.02074EPSS
Exploits1References5
CVE
CVE
added 2022/02/09 10:3 p.m.132 views

CVE-2022-23048

CVE-2022-23048 affects Exponent CMS 2.6.0patch2. An authenticated admin can upload a ZIP extension containing a PHP file; the file is written to the server under themes/simpletheme/{rce}.php and can be accessed to execute commands. This is a post-auth file upload vulnerability enabling remote cod...

7.2CVSS7AI score0.02074EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/09 10:3 p.m.15 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

4.8CVSS6.7AI score0.02936EPSS
Exploits1References5
CVE
CVE
added 2022/02/09 10:3 p.m.83 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 is affected: an authenticated admin can inject persistent JavaScript into the Site/Organization Name, Site Title, and Site Header when updating settings via /exponentcms/administration/configure_site. Several connected sources describe this as a cross-site scripting issue...

4.8CVSS5.1AI score0.02936EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/02/09 10:3 p.m.18 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

5.5AI score0.02936EPSS
Exploits1References3
Rows per page
Query Builder