Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oicgroup exponent cms 0.94 |
||
oicgroup exponent cms |
||
oicgroup exponent cms 0.96.5 |
||
oicgroup exponent cms 0.96.4 |
||
oicgroup exponent cms 0.96.3 |
||
oicgroup exponent cms 0.96.1 |
||
oicgroup exponent cms 0.95 |