Persistent JavaScript Injection in Exponent CMS 2.6.0patch2 via User-Agent Header

Persistent JavaScript Injection in Exponent CMS 2.6.0patch2 via User-Agent Header

CVE-2022-23049 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.

Learn more about our Cms Pen Testing.