Exponent Cms Security Vulnerabilities and Issues — Exponent Cms CVE List

Lucene search

ExponentcmsExponent Cms

4 matches found

CVE•added 2022/02/09 11:15 p.m.•90 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.

5.4CVSS5.4AI score0.00833EPSS

CVE•added 2016/11/11 10:59 p.m.•33 views

CVE-2016-9286

framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.

5.3CVSS5.2AI score0.00213EPSS

CVE•added 2016/11/11 10:59 p.m.•30 views

CVE-2016-9285

framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.

5.3CVSS6AI score0.00213EPSS

CVE•added 2016/11/11 10:59 p.m.•28 views

CVE-2016-9284

getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.

5.3CVSS6AI score0.00213EPSS