Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#1320 ✓resolved

Exponent CMS 2.3.5 Cross-Site Scripting Vulnerability

Reported by Sachin Wagh | December 24th, 2015 @ 08:39 AM | in 2.3.6 (closed)

Exponent CMS 2.3.5 Cross-Site Scripting Vulnerability

Information

Vulnerability Type : Exponent CMS 2.3.5 Cross-Site Scripting Vulnerability
Vulnerable Version : 2.3.5
CVE-ID :
Severity: High
Author – Sachin Wagh (@tiger_tigerboy)

Description

Exponent CMS is prone to a Cross-site scripting vulnerability because it fails to sanitize user-supplied input ‘Username/Email’ field of ‘Reset Your Password’ module . An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

Credits & Authors

Sachin Wagh (@tiger_tigerboy)

Exponent_CMS_2.3.5.avi 1.4 MB

Comments and changes to this ticket

dleffler December 24th, 2015 @ 03:30 PM
- Tag set to “security”
- Assigned user changed from “expNinja” to “dleffler”
- Milestone set to “2.3.6”
Yes, we do not currently check for img tag hacks. This will be fixed shortly.
expNinja December 24th, 2015 @ 03:32 PM
- State changed from “new” to “resolved”
(from [3ea25aadd83935b04b4c5e31518a7b05a8220cad]) Update input santization for security issues using code gleaned from CodeIgniter project [#1320 state:resolved] https://github.com/exponentcms/exponent-cms/commit/3ea25aadd83935b0...
You flagged this item as spam.
Sachin Wagh December 24th, 2015 @ 03:40 PM
Hi expNinja,

Is there any CVE-ID for it.
dleffler December 24th, 2015 @ 04:04 PM
I've requested a CVE-ID (but I've never used this process before since I'm just a coder)
You flagged this item as spam.
Sachin Wagh December 24th, 2015 @ 04:07 PM
Thanks dleffler.

Once assigned CVE-ID please let me know.

Thanks a lot.
dleffler December 24th, 2015 @ 11:35 PM
CVE-2015-8667
You flagged this item as spam.
Sachin Wagh December 25th, 2015 @ 07:00 AM
Thanks dleffer. :)

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Bug Tracker for Exponent CMS

Shared Ticket Bins (Sort)

↓↑ drag 156 Open tickets
↓↑ drag 1246 Resolved tickets
↓↑ drag 1 This week's tickets

People watching this ticket

Attachments

Exponent_CMS_2.3.5.avi 1.4 MB

Referenced by

1324 Exponent CMS 2.3.5- Multiple Cross-Site Scripting Vulnerability This issue may have been resolved with the fix to #1320 C...
1323 Exponent CMS 2.3.5 -File Upload Cross Site Scripting Vulnerability This issue may have been resolved with the fix to #1320 C...
1322 Exponent CMS → 2.3.5: Parameter Tampering Information Disclosure This issue may have been resolved with the fix to #1320 C...

Exponentcms Exponent CMS → 2.3.6