Zurück zur CVE-Übersicht
CVE-2015-8684
MEDIUM(4.3)AV:N/AC:M/Au:N/C:N/I:P/A:N
Risk Signal Score11/100 — NIEDRIG
- CVSS 4.3 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.3
Technische Schwere
Beschreibung
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
Referenzen
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1323-exponent-cms-2...
- https://packetstormsecurity.com/files/136762/Exponent-CMS-2.3.5-File-Upload-Cros...
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1323-exponent-cms-2...
- https://packetstormsecurity.com/files/136762/Exponent-CMS-2.3.5-File-Upload-Cros...