CVE-2022-23047
N/A
N/A
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Exponent CMS | v2.6.0patch2 | affected |
Weaknesses
- Stored cross-site scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://fluidattacks.com/advisories/franklin/
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459
- https://github.com/exponentcms/exponent-cms/issues/1546
References
- https://fluidattacks.com/advisories/franklin/
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459
- https://github.com/exponentcms/exponent-cms/issues/1546
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.