Skip to main content

Exponent Cms CVE-2015-8667

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-01-18 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 18, 2017 - 17:59 cve.org
MEDIUM 6.1

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. Affected products include: Exponentcms Exponent Cms. Version information: before 2.3.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-7400 CRITICAL POC
9.8 Feb 07

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL comm

CVE-2016-2242 CRITICAL POC
9.8 Jan 23

Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/

CVE-2016-7791 CRITICAL POC
9.8 Jan 12

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. Rated critical severity (CV

CVE-2016-7790 CRITICAL POC
9.8 Jan 12

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. Rated critical severity (CV

CVE-2017-7991 CRITICAL POC
9.8 Apr 22

Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function

CVE-2016-7789 CRITICAL POC
9.8 Mar 07

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attac

CVE-2016-9481 CRITICAL POC
9.8 Nov 29

In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into sh

CVE-2013-3294 HIGH POC
7.5 Feb 11

Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execut

CVE-2013-3295 HIGH POC
7.5 Dec 30

Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to inclu

CVE-2014-8690 MEDIUM POC
4.3 Feb 19

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, an

CVE-2016-9087 CRITICAL
9.8 Mar 07

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.

CVE-2016-9020 CRITICAL
9.8 Mar 07

SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier a

Share

CVE-2015-8667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy