Published: 27/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oicgroup exponent cms 0.94
oicgroup exponent cms
oicgroup exponent cms 0.96.5
oicgroup exponent cms 0.96.4
oicgroup exponent cms 0.96.3
oicgroup exponent cms 0.96.1
oicgroup exponent cms 0.95

source: wwwsecurityfocuscom/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserv ...

source: wwwsecurityfocuscom/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webse ...

CWE-79 http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10 http://www.securityfocus.com/bid/23574 http://osvdb.org/35640 http://osvdb.org/35643 http://osvdb.org/35641 http://osvdb.org/35642 https://exchange.xforce.ibmcloud.com/vulnerabilities/34077 https://nvd.nist.gov https://www.exploit-db.com/exploits/29870/

CVE-2007-2337

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect