Lucene search
ExponentcmsExponent Cms
2 matches found
CVE-2017-8085
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
6.1CVSS5.9AI score0.00368EPSS
CVE-2017-7991
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
9.8CVSS9.8AI score0.01354EPSS