QwikSec

Security Database

CVE

CWE

Training

CVE-2022-23047

Published: Feb 9, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"

Vendor	Product	Versions
n/a	Exponent CMS	affected `v2.6.0patch2`

References

https://fluidattacks.com/advisories/franklin/

x_refsource_MISC

https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459

x_refsource_MISC

https://github.com/exponentcms/exponent-cms/issues/1546

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.