#1239 new
Narendra Bhati

Whole CMS Is Vulnerable To Reflected XSS

Reported by Narendra Bhati | November 16th, 2014 @ 02:28 PM | in User issues

Hey Exponent CMS

want to report critical conditions of your cms , that your whole cms is vulnerable to Reflected XSS Attack

how ?
Lets see

suppose you heve this ur -

then you just have to xss payload at the end of the url - like this;

every single page which have no parameter is vulnerable to same attack

just add "> in every single page which have no xss and you will get the js alert box

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket