Security Advisory

CVE-2022-23049

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-09 22:03:59

Last updated 2024-08-03 03:28:43

Assigner Fluid Attacks

State PUBLISHED

Description

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.

← Browse all CVEs View on cve.org ↗