Exponent Cms Security Vulnerabilities and Issues — Exponent Cms CVE List

Lucene search

ExponentcmsExponent Cms

4 matches found

CVE•added 2017/01/18 5:59 p.m.•41 views

CVE-2015-8684

Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the...

6.1CVSS6.2AI score0.00239EPSS

CVE•added 2017/04/24 2:59 p.m.•36 views

CVE-2017-8085

In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.

6.1CVSS5.9AI score0.00368EPSS

CVE•added 2017/08/28 3:29 p.m.•32 views

CVE-2015-1177

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.

6.1CVSS6AI score0.0028EPSS

CVE•added 2017/01/18 5:59 p.m.•31 views

CVE-2015-8667

Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.

6.1CVSS6AI score0.00229EPSS