Arbitrary Script Injection via src Parameter in Exponent CMS 2.3.0 Search Action

Arbitrary Script Injection via src Parameter in Exponent CMS 2.3.0 Search Action

CVE-2014-6635 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.

Learn more about our Web App Pen Testing.