Exponent Cms Security Vulnerabilities and Issues — Exponent Cms CVE List

Lucene search

ExponentcmsExponent Cms

3 matches found

CVE•added 2014/02/11 5:55 p.m.•92 views

CVE-2013-3294

Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.

7.5CVSS8.5AI score0.01323EPSS

CVE•added 2014/12/30 2:59 a.m.•44 views

CVE-2013-3295

Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

7.5CVSS7.1AI score0.00575EPSS

CVE•added 2014/10/26 8:55 p.m.•32 views

CVE-2014-6635

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.

4.3CVSS5.9AI score0.00225EPSS