#1323 ✓resolved
Sachin Wagh

Exponent CMS 2.3.5 -File Upload Cross Site Scripting Vulnerability

Reported by Sachin Wagh | December 25th, 2015 @ 08:25 PM | in 2.3.7 (closed)

Information

Vulnerability Type : Exponent CMS 2.3.5 -File Upload Cross Site Scripting Vulnerability
Vulnerable Version : 2.3.5
CVE-ID :
Severity: High
Author – Sachin Wagh (@tiger_tigerboy)

Description

Exponent CMS is prone to a file upload cross site Scripting vulnerability because it fails to sanitize user-supplied input.It is possible to make a Exponent CMS vulnerable to XSS if you can upload/include a html file into the file manager.

Please find attached POC for more detail.

Reference :

https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scrip...

Credits & Authors

Sachin Wagh (@tiger_tigerboy)

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket

Attachments

Tags

Pages