Exponent cms

This hub aggregates every CVE we track for Exponent cms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Exponent cms.

• CVE-2021-47931Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication6.4May 10, 2026
• CVE-2021-32441SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.7.5Feb 17, 2023
• CVE-2022-23049Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the...5.4Feb 9, 2022
• CVE-2022-23048Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "t...7.2Feb 9, 2022
• CVE-2022-23047Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the sit...4.8Feb 9, 2022
• CVE-2016-9023Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.9.8Dec 31, 2020
• CVE-2016-9026Exponent CMS before 2.6.0 has improper input validation in fileController.php.9.8Dec 31, 2020
• CVE-2016-9025Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.9.8Dec 31, 2020
• CVE-2016-9022Exponent CMS before 2.6.0 has improper input validation in usersController.php.9.8Dec 31, 2020
• CVE-2016-9021Exponent CMS before 2.6.0 has improper input validation in storeController.php.9.8Dec 31, 2020
• CVE-2016-8898Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.9.8May 24, 2019
• CVE-2016-8900Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.9.8May 24, 2019
• CVE-2016-8897Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.9.8May 23, 2019
• CVE-2016-8899Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.9.8May 23, 2019
• CVE-2016-7443Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."9.8Mar 6, 2018