Arbitrary Script Injection via src Parameter in Exponent CMS 2.3.0 Search Action
CVE-2014-6635 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
Learn more about our Web App Pen Testing.