Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an malicious user to compromise the administrator session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exponentcms exponent cms 2.6.0 |