CVE Tools

exponentcms

Web & CMS Pluginsoss-project

31

Cumulative CVEs

10

Monthly snapshots

#43

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting exponentcms.

CVE-2021-47931Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication6.4May 10, 2026
CVE-2021-32441SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.7.5Feb 17, 2023
CVE-2022-23049Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the...5.4Feb 9, 2022
CVE-2022-23048Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "t...7.2Feb 9, 2022
CVE-2022-23047Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the sit...4.8Feb 9, 2022
CVE-2021-38751A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack ...4.3Aug 16, 2021
CVE-2016-9023Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.9.8Dec 31, 2020
CVE-2016-9026Exponent CMS before 2.6.0 has improper input validation in fileController.php.9.8Dec 31, 2020
CVE-2016-9025Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.9.8Dec 31, 2020
CVE-2016-9022Exponent CMS before 2.6.0 has improper input validation in usersController.php.9.8Dec 31, 2020
CVE-2016-9021Exponent CMS before 2.6.0 has improper input validation in storeController.php.9.8Dec 31, 2020
CVE-2016-8898Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.9.8May 24, 2019
CVE-2016-8900Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.9.8May 24, 2019
CVE-2016-8897Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.9.8May 23, 2019
CVE-2016-8899Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.9.8May 23, 2019