exploitDog

GHSA-xgxx-qjfr-x75f

Published: 11 Feb 2022
Source: github
Github: Not reviewed

Description

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site".

EPSS

Percentile: 75%
0.00854
Low

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.8
nvd
almost 4 years ago

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site".

EPSS

Percentile: 75%
0.00854
Low

Weaknesses

CWE-79