Cross-Site Scripting Vulnerability in Exponent CMS by Exponent
CVE-2017-8085

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 24 April 2017

What is CVE-2017-8085?

In Exponent CMS prior to version 2.4.1 Patch #5, a Cross-Site Scripting (XSS) vulnerability exists within elFinder, specifically in the file path handler located in framework/modules/file/connector/elfinder.php. This flaw can be exploited by attackers to inject malicious scripts, potentially compromising user data and web application integrity. It is critical for users of affected versions to install the latest security patch to mitigate these risks.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
