Exponent CMS 2.6.0 patch2 - Stored XSS
4.8
Medium
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
Exponent CMS 2.6.0 patch2 - Stored XSS
Code name
State
Public
Release date
3 Feb 2022
Affected product
Exponent CMS
Affected version(s)
v2.6.0 patch2
Vulnerability name
Stored cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
Yes
CVSS v3.1 vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v3.1 base score
4.8
Exploit available
No
CVE ID(s)
Description
Exponent CMS 2.6.0 patch2 allows an authenticated admin user to inject persistent JavaScript code into the Site/Organization Name, Site Title and Site Header parameters while updating the site settings at http://127.0.0.1/exponentcms/administration/configure_site.
Proof of Concept
Click on the Exponent logo located in the upper left corner.
Go to 'Configure Website'.
Update the 'Site Title' field, or any of the other vulnerable fields, with the following PoC.
When a user hovers the mouse over the logo or visits 'Configure Website', the XSS is triggered.
System Information:
Version: Exponent CMS 2.6.0 patch2.
Operating System: Linux.
Web Server: Apache.
PHP Version: 7.4.
Database and version: MySQL.
Exploit
There is no exploit for the vulnerability, but it can be manually exploited.
Mitigation
As of 2022-02-03 there is no patch resolving the issue.
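With no vendor patch available, the standard defence against this class of stored XSS is to HTML-encode the stored site settings at the point where they are written into a page, and optionally to reject markup when the setting is saved. The PHP below is an added illustration written for this advisory page, not Exponent CMS's own code: the setting key, the function names and the sample value are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not Exponent CMS code. The setting key, function names
// and the sample value are assumptions constructed for this example.

// Constructed sample: a value an administrator could save in the 'Site Header'
// field. The stored string is data under the user's control, not trusted markup.
$storedSettings = [
    'site_header' => 'My Site<script>alert(1)</script>',
];

// Vulnerable pattern: the stored value is concatenated straight into HTML, so
// any markup it contains is parsed and executed by every visitor's browser.
function renderHeaderUnsafe(array $settings): string
{
    return '<h1>' . $settings['site_header'] . '</h1>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also escapes single and double quotes, which is what makes the
// same encoder safe to reuse inside a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderHeaderSafe(array $settings): string
{
    return '<h1>' . e($settings['site_header']) . '</h1>';
}

// The advisory notes the payload fires when hovering the logo, i.e. the value
// is also emitted into a tooltip (title) attribute. Attribute context uses the
// same encoder; the attribute must be quoted for the encoding to be sufficient.
function renderLogoSafe(array $settings): string
{
    $label = e($settings['site_header']);
    return '<img src="/logo.png" alt="' . $label . '" title="' . $label . '">';
}

// Defence in depth: refuse values containing markup at save time as well, so a
// payload cannot be persisted for some other template that forgets to encode.
// Output encoding remains the primary control; this check only narrows exposure.
function validateSettingOnSave(string $value): bool
{
    return $value === strip_tags($value);
}

echo renderHeaderUnsafe($storedSettings), PHP_EOL;
echo renderHeaderSafe($storedSettings), PHP_EOL;
echo renderLogoSafe($storedSettings), PHP_EOL;
var_dump(validateSettingOnSave($storedSettings['site_header']));
var_dump(validateSettingOnSave('My Site & Co.'));
```

Run with the php CLI: the first line shows the script tag passing through verbatim, the next two show it neutralised into text, and the save-time check rejects the sample payload while accepting a plain name containing an ampersand (which the output encoder then renders correctly).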
References
Timeline
Vulnerability discovered
24 Jan 2022
Vendor contacted
24 Jan 2022
Public disclosure
3 Feb 2022