First published: Wed Jan 18 2017(Updated: )
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Exponentcms Exponent Cms | <=2.3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.