Persistent JavaScript Injection Vulnerability in Exponent CMS by Exponent
CVE-2022-23049

5.4MEDIUM

Key Information:

Vendor: Exponentcms
Status: Exponent Cms
Vendor: CVE Published:; 9 February 2022

🔔 Create Exponentcms Vulnerability Alert

What is CVE-2022-23049?

A security vulnerability in Exponent CMS 2.6.0patch2 allows authenticated users to inject malicious persistent JavaScript code through the 'User-Agent' header during login. This can lead to session hijacking, as the injected code executes when an administrator visits the 'User Sessions' tab, compromising their session and potentially granting attackers unauthorized access to sensitive administrative functionalities.