HomePentest-Tools.com Logo

Exponent CMS < 2.3.1 Patch 4 Multiple XSS Vulnerabilities CVE-2014-8690

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Exponent CMS is prone to multiple cross-site scripting (XSS) vulnerabilities.

Risk description

The flaws are due to the /users/edituser and the /news/ functionality which does not validate input to the First Name and Last Name fields before returning it to users. Successful exploitation will allow attacker to execute arbitrary HTML and script code in the context of an affected site.

Recommendation

Update to version 2.3.1 Patch 4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 19, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available