Exponent CMS 'src' POST Parameter Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Exponent CMS and is prone to xss vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in the context of an affected site. Impact Level: Application

Solution

No solution or patch is available as of 9th February, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://www.exponentcms.org

Insight

Flaw is due to improper sanitization of user supplied input passed via 'src' parameter in the search action to index.php

Affected

Exponent CMS version 2.3.0, Prior versions may also be affected.

Detection

Send a crafted request via HTTP GET and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/128335
http://xforce.iss.net/xforce/xfdb/96158

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6635

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Directory Traversal Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
AlienForm CGI script
Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities