Vulnerabilities for 'Exponent cms'
2022-02-09
CVE-2022-23047
CWE-79
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site".
CVE-2022-23048
CWE-434
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload, the PHP file will be placed at "themes/simpletheme/{rce}.php", from where it can be accessed in order to execute commands.
CVE-2022-23049
CWE-79
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code in the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered, allowing an attacker to compromise the administrator session.
2020-12-31
CVE-2016-9026
CWE-20
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
CVE-2016-9025
CWE-20
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
CVE-2016-9023
CWE-20
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
CVE-2016-9022
CWE-20
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
CVE-2016-9021
CWE-20
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
2019-05-24
CVE-2016-8900
CWE-74
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
CVE-2016-8898
CWE-89
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Copyright 2024, cxsecurity.com