Exponent CMS 2.6.0 patch2 - Stored XSS (User-Agent)
| Field | Value |
|---|---|
| Name | Exponent CMS 2.6.0 patch2 - Stored XSS (User-Agent) |
| Affected versions | v2.6.0 patch2 |
| Kind | Stored cross-site scripting (XSS) |
| Rule | 010. Stored cross-site scripting (XSS) |
| CVSSv3 Base Score | 5.4 |
Proof of Concept
Use a web proxy or a similar tool to modify the browser's User-Agent header with the following PoC.
Try to log in as a non-admin user.
If an admin user visits 'User Management' > 'User Sessions', the XSS will be triggered.
A non-admin user may compromise an admin session by exploiting this vulnerability.
- Version: Exponent CMS 2.6.0 patch2.
- Operating System: Linux.
- Web Server: Apache
- PHP Version: 7.4
- Database and version: MySQL
There is no exploit for the vulnerability, but it can be manually exploited.
As of 2022-02-03, there is no patch resolving the issue.
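With no patch available, one compensating check is to review the web server's access log for User-Agent values that contain markup characters before an administrator opens the session list. The following is an added example, not code from this advisory or from Exponent CMS; it assumes Apache's combined log format, and the function names, request path and log lines are constructed for illustration.

```python
import re
from html import escape

# Apache "combined" LogFormat. Apache writes a literal double quote inside a
# quoted field as \" so each quoted group must accept backslash escapes.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"'
)

# Characters that let a stored value leave an HTML text or attribute context.
# They are rare in mainstream browser User-Agent strings, so a hit is a
# triage signal, not proof of an attack.
MARKUP = re.compile(r'[<>"\'`]')


def suspicious_user_agents(lines):
    """Return (ip, timestamp, user_agent) for entries whose User-Agent contains markup characters."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # line is not in combined format; skipped
        # Undo Apache's \" and \\ escaping to recover the header as it was sent.
        ua = re.sub(r'\\(["\\])', r'\1', m.group("ua"))
        if MARKUP.search(ua):
            hits.append((m.group("ip"), m.group("ts"), ua))
    return hits


def render_cell(user_agent):
    """HTML-encode a stored User-Agent before placing it in a table cell (generic output encoding)."""
    return "<td>" + escape(user_agent, quote=True) + "</td>"


# Constructed sample log lines (not taken from the advisory); "/login" is a placeholder path.
SAMPLE_LOG = [
    r'198.51.100.7 - - [03/Feb/2022:10:15:02 +0000] "POST /login HTTP/1.1" 302 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/96.0"',
    r'198.51.100.9 - - [03/Feb/2022:10:16:40 +0000] "POST /login HTTP/1.1" 302 512 "-" "Mozilla/5.0 <img src=\"x\">"',
]

if __name__ == "__main__":
    for ip, ts, ua in suspicious_user_agents(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious User-Agent, encoded for display: {render_cell(ua)}")
```

`render_cell` shows the output encoding that keeps a stored header value inert when it is displayed; where the CMS itself builds the 'User Sessions' view is not shown on this page.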
The vulnerability was discovered by Oscar Uribe from the Offensive
Vendor page https://www.exponentcms.org/