CVE-2017-8085
Published 2017-04-24
CVE-2017-8085: In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
Priority: P4 | 23 | medium | 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.15% (62.8th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| exponentcms | exponent_cms | <= 2.4.0 | — |
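CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |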
No detection rules found.
No public exploits indexed.
References
- http://www.exponentcms.org/news/patch-5-released-for-v2-4-1-to-fix-a-few-critical-issues
- http://www.securityfocus.com/bid/98043
- https://github.com/exponentcms/exponent-cms/commit/0b2241ff1c7d86376fa260c5d4c1714f6cef9c0f
- https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.1patch5