Search
Find a vulnerability
Search criteria
122 vulnerabilities by Exponentcms
CVE-2021-47931 (GCVE-0-2021-47931)
Vulnerability from nvd – Published: 2026-05-10 12:43 – Updated: 2026-05-26 11:51
VLAI
Title
Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Summary
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary JavaScript. The application also exposes database credentials in responses and lacks brute-force protection on authentication endpoints.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50611 | exploit |
| https://www.exponentcms.org/ | product |
| https://www.vulncheck.com/advisories/exponent-cms… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Exponentcms | Exponent CMS |
Affected:
0 , ≤ 2.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T11:32:08.472634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T11:37:20.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "Exponentcms",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "picaro_o"
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary JavaScript. The application also exposes database credentials in responses and lacks brute-force protection on authentication endpoints."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:42.814Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50611",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50611"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.exponentcms.org/"
},
{
"name": "VulnCheck Advisory: Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/exponent-cms-multiple-vulnerabilities-stored-xss-authentication"
}
],
"title": "Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47931",
"datePublished": "2026-05-10T12:43:51.934Z",
"dateReserved": "2026-02-01T11:24:18.717Z",
"dateUpdated": "2026-05-26T11:51:42.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-32441 (GCVE-0-2021-32441)
Vulnerability from nvd – Published: 2023-02-17 00:00 – Updated: 2025-03-19 15:11
VLAI
Summary
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T15:10:25.871519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:11:04.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32441",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:11:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23049 (GCVE-0-2022-23049)
Vulnerability from nvd – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/cobain/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:59.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/cobain/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23049",
"datePublished": "2022-02-09T22:03:59.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23048 (GCVE-0-2022-23048)
Vulnerability from nvd – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
Severity
No CVSS data available.
CWE
- Insecure file upload (RCE)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/dylan/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure file upload (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:58.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure file upload (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/dylan/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23048",
"datePublished": "2022-02-09T22:03:58.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23047 (GCVE-0-2022-23047)
Vulnerability from nvd – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/franklin/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:57.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/franklin/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23047",
"datePublished": "2022-02-09T22:03:57.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38751 (GCVE-0-2021-38751)
Vulnerability from nvd – Published: 2021-08-16 13:53 – Updated: 2024-08-04 01:51
VLAI
Summary
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1544 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T13:53:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1544",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38751",
"datePublished": "2021-08-16T13:53:19.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:51:20.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9026 (GCVE-0-2016-9026)
Vulnerability from nvd – Published: 2020-12-31 02:12 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:12:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9026",
"datePublished": "2020-12-31T02:12:11.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9025 (GCVE-0-2016-9025)
Vulnerability from nvd – Published: 2020-12-31 02:11 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:11:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9025",
"datePublished": "2020-12-31T02:11:12.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9023 (GCVE-0-2016-9023)
Vulnerability from nvd – Published: 2020-12-31 02:13 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:13:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9023",
"datePublished": "2020-12-31T02:13:32.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9022 (GCVE-0-2016-9022)
Vulnerability from nvd – Published: 2020-12-31 02:10 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:10:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9022",
"datePublished": "2020-12-31T02:10:26.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9021 (GCVE-0-2016-9021)
Vulnerability from nvd – Published: 2020-12-31 02:09 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:09:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9021",
"datePublished": "2020-12-31T02:09:27.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8900 (GCVE-0-2016-8900)
Vulnerability from nvd – Published: 2019-05-24 16:11 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T16:11:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8900",
"datePublished": "2019-05-24T16:11:37.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8898 (GCVE-0-2016-8898)
Vulnerability from nvd – Published: 2019-05-24 16:20 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T16:20:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8898",
"datePublished": "2019-05-24T16:20:41.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8899 (GCVE-0-2016-8899)
Vulnerability from nvd – Published: 2019-05-23 18:18 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T18:18:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8899",
"datePublished": "2019-05-23T18:18:53.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8897 (GCVE-0-2016-8897)
Vulnerability from nvd – Published: 2019-05-23 18:21 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T18:21:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8897",
"datePublished": "2019-05-23T18:21:31.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47931 (GCVE-0-2021-47931)
Vulnerability from cvelistv5 – Published: 2026-05-10 12:43 – Updated: 2026-05-26 11:51
VLAI
Title
Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Summary
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary JavaScript. The application also exposes database credentials in responses and lacks brute-force protection on authentication endpoints.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50611 | exploit |
| https://www.exponentcms.org/ | product |
| https://www.vulncheck.com/advisories/exponent-cms… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Exponentcms | Exponent CMS |
Affected:
0 , ≤ 2.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T11:32:08.472634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T11:37:20.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "Exponentcms",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "picaro_o"
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary JavaScript. The application also exposes database credentials in responses and lacks brute-force protection on authentication endpoints."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:42.814Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50611",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50611"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.exponentcms.org/"
},
{
"name": "VulnCheck Advisory: Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/exponent-cms-multiple-vulnerabilities-stored-xss-authentication"
}
],
"title": "Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47931",
"datePublished": "2026-05-10T12:43:51.934Z",
"dateReserved": "2026-02-01T11:24:18.717Z",
"dateUpdated": "2026-05-26T11:51:42.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-32441 (GCVE-0-2021-32441)
Vulnerability from cvelistv5 – Published: 2023-02-17 00:00 – Updated: 2025-03-19 15:11
VLAI
Summary
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T15:10:25.871519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:11:04.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32441",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:11:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23049 (GCVE-0-2022-23049)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/cobain/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:59.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/cobain/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23049",
"datePublished": "2022-02-09T22:03:59.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23048 (GCVE-0-2022-23048)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
Severity
No CVSS data available.
CWE
- Insecure file upload (RCE)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/dylan/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure file upload (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:58.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure file upload (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/dylan/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23048",
"datePublished": "2022-02-09T22:03:58.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23047 (GCVE-0-2022-23047)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/franklin/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:57.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/franklin/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23047",
"datePublished": "2022-02-09T22:03:57.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38751 (GCVE-0-2021-38751)
Vulnerability from cvelistv5 – Published: 2021-08-16 13:53 – Updated: 2024-08-04 01:51
VLAI
Summary
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1544 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T13:53:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1544",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38751",
"datePublished": "2021-08-16T13:53:19.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:51:20.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9023 (GCVE-0-2016-9023)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:13 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:13:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9023",
"datePublished": "2020-12-31T02:13:32.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9026 (GCVE-0-2016-9026)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:12 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:12:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9026",
"datePublished": "2020-12-31T02:12:11.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9025 (GCVE-0-2016-9025)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:11 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:11:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9025",
"datePublished": "2020-12-31T02:11:12.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9022 (GCVE-0-2016-9022)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:10 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:10:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9022",
"datePublished": "2020-12-31T02:10:26.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9021 (GCVE-0-2016-9021)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:09 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:09:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9021",
"datePublished": "2020-12-31T02:09:27.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8898 (GCVE-0-2016-8898)
Vulnerability from cvelistv5 – Published: 2019-05-24 16:20 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T16:20:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8898",
"datePublished": "2019-05-24T16:20:41.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8900 (GCVE-0-2016-8900)
Vulnerability from cvelistv5 – Published: 2019-05-24 16:11 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T16:11:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8900",
"datePublished": "2019-05-24T16:11:37.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8897 (GCVE-0-2016-8897)
Vulnerability from cvelistv5 – Published: 2019-05-23 18:21 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T18:21:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8897",
"datePublished": "2019-05-23T18:21:31.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8899 (GCVE-0-2016-8899)
Vulnerability from cvelistv5 – Published: 2019-05-23 18:18 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T18:18:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8899",
"datePublished": "2019-05-23T18:18:53.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}