Cross-Site Scripting Vulnerability in Exponent CMS by Exponent
CVE-2015-1177

6.1MEDIUM

Key Information:

Vendor

Exponentcms

Status
Exponent Cms
Vendor
CVE Published:
28 August 2017

What is CVE-2015-1177?

A cross-site scripting vulnerability exists in Exponent CMS 2.3.2, allowing attackers to inject malicious scripts into web pages viewed by users. This can lead to theft of sensitive information, unauthorized access, and further exploitation of website vulnerabilities. It is crucial to implement security measures, such as input validation and sanitization, to mitigate the risks associated with XSS attacks.

References

http://packetstormsecurity.com/files/130058/Exponent-CMS-...
x_refsource_MISC
http://www.securityfocus.com/archive/1/534528/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/72274
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.