Exponentcms Exponent Cms vulnerabilities
60 known vulnerabilities affecting exponentcms/exponent_cms.
Total CVEs
60
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL33HIGH14MEDIUM13
Vulnerabilities
Page 3 of 3
CVE-2014-8690P4MEDIUMCVSS 4.3PoC≤ 2.1.4v2.2.0+5 more2015-02-19
CVE-2014-8690 [MEDIUM] CWE-79 CVE-2014-8690: Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x befo
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
nvd
CVE-2022-23048P3HIGHCVSS 7.2v2.6.0vv2.6.0patch22022-02-09
CVE-2022-23048 [HIGH] CWE-434 CVE-2022-23048: Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the f
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
nvd
CVE-2021-32441P3HIGHCVSS 7.5≥ 2.6.0, < 2.7.02023-02-17
CVE-2021-32441 [HIGH] CWE-89 CVE-2021-32441: SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access t
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
nvd
CVE-2016-9183P3HIGHCVSS 7.5v2.4.02016-11-04
CVE-2016-9183 [HIGH] CWE-200 CVE-2016-9183: In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted inp
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " char
nvd
CVE-2016-9184P3HIGHCVSS 7.5v2.4.02016-11-04
CVE-2016-9184 [HIGH] CWE-89 CVE-2016-9184: In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
nvd
CVE-2016-7452P3HIGHCVSS 7.5≤ 2.3.92016-11-03
CVE-2016-7452 [HIGH] CWE-434 CVE-2016-7452: The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
nvd
CVE-2016-9182P3HIGHCVSS 7.5v2.4.02016-11-04
CVE-2016-9182 [HIGH] CWE-284 CVE-2016-9182: Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the metho
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controlle
nvd
CVE-2010-5002P4MEDIUMCVSS 4.3PoCv0.97.02011-11-01
CVE-2010-5002 [MEDIUM] CWE-79 CVE-2010-5002: Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
nvd
CVE-2017-18213P3HIGHCVSS 7.2≤ 2.4.1v2.4.12018-03-04
CVE-2017-18213 [HIGH] CVE-2017-18213: In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
nvd
CVE-2021-47931P4MEDIUMCVSS 6.4≤ 2.62026-05-10
CVE-2021-47931 [MEDIUM] CWE-79 CVE-2021-47931: Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated atta
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary JavaScript. The application also exposes database cred
nvd
CVE-2022-23049P4MEDIUMCVSS 5.4v2.6.0vv2.6.0patch22022-02-09
CVE-2022-23049 [MEDIUM] CWE-79 CVE-2022-23049: Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "U
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
nvd
CVE-2016-9286P4MEDIUMCVSS 5.3v2.4.02016-11-11
CVE-2016-9286 [MEDIUM] CWE-200 CVE-2016-9286: framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not proper
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
nvd
CVE-2016-9284P4MEDIUMCVSS 5.3v2.4.02016-11-11
CVE-2016-9284 [MEDIUM] CWE-200 CVE-2016-9284: getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 all
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
nvd
CVE-2016-9285P4MEDIUMCVSS 5.3v2.4.02016-11-11
CVE-2016-9285 [MEDIUM] CWE-200 CVE-2016-9285: framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
nvd
CVE-2015-8684P4MEDIUMCVSS 6.1≤ 2.3.52017-01-18
CVE-2015-8684 [MEDIUM] CWE-79 CVE-2015-8684: Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
nvd
CVE-2015-8667P4MEDIUMCVSS 6.1≤ 2.3.52017-01-18
CVE-2015-8667 [MEDIUM] CWE-79 CVE-2015-8667: Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
nvd
CVE-2017-8085P4MEDIUMCVSS 6.1≤ 2.4.02017-04-24
CVE-2017-8085 [MEDIUM] CWE-79 CVE-2017-8085: In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connect
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
nvd
CVE-2015-1177P4MEDIUMCVSS 6.1v2.3.22017-08-28
CVE-2015-1177 [MEDIUM] CWE-79 CVE-2015-1177: Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
nvd
CVE-2022-23047P4MEDIUMCVSS 4.8v2.6.0vv2.6.0patch22022-02-09
CVE-2022-23047 [MEDIUM] CWE-79 CVE-2022-23047: Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code ins
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
nvd
CVE-2014-6635P4MEDIUMCVSS 4.3v2.3.02014-10-26
CVE-2014-6635 [MEDIUM] CWE-79 CVE-2014-6635: Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arb
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
nvd
← Previous3 / 3