Exponent CMS prior to 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exponentcms exponent cms |