Date: Thu, 22 Sep 2016 11:37:40 +0800
From: 王畅 <>
Subject: CVE Request: XSS Vulnerability in Exponent CMS 2.3.9

Hi, I reported a Cross Site Scripting vulnerability to the
ExponentCMS team a few days ago:


line 85-86:

$funcNum = $_GET['CKEditorFuncNum'] ;
echo "<script type='text/javascript'>".$funcNum.",
'".$url."', '".$message."');</script>";


"$_GET['CKEditorFuncNum']"  was printed out without any sanitization.


And now, this vulnerability has been

This issue was reported by Wang Chang of Inc. and I would like
to request a CVE for this issue (if not done so).

Thank you.
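
An added example, not part of the original message and not Exponent CMS code: one way to emit the callback so the request value cannot leave its JavaScript context. The helper names are hypothetical, and the call is assumed to be CKEditor's file-browser callback `window.parent.CKEDITOR.tools.callFunction`, since the quoted snippet does not show the function name.

```php
<?php
// Added example; parse_func_num, js_literal and render_callback are hypothetical names.

/**
 * Return the CKEditor callback number as an int, or null when the
 * request value is not a plain non-negative decimal integer.
 */
function parse_func_num($raw): ?int
{
    // $_GET values may be arrays (?x[]=1), so check the type first.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

/** Encode a PHP string as a JS string literal that is safe inside <script>. */
function js_literal(string $value): string
{
    // The HEX flags escape <, >, &, ' and " so the literal cannot close
    // the string or the surrounding <script> element.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Build the callback script, or an empty string if the number is invalid. */
function render_callback($rawFuncNum, string $url, string $message): string
{
    $funcNum = parse_func_num($rawFuncNum);
    if ($funcNum === null) {
        return '';
    }
    return "<script type='text/javascript'>"
        . "window.parent.CKEDITOR.tools.callFunction("
        . $funcNum . ", " . js_literal($url) . ", " . js_literal($message)
        . ");</script>";
}

// Constructed sample inputs standing in for $_GET['CKEditorFuncNum'].
$samples = ['3', '3abc', ['x'], ''];
foreach ($samples as $s) {
    $out = render_callback($s, '/files/a.png', "it's <ok>");
    echo ($out === '' ? '[rejected]' : $out), PHP_EOL;
}
```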
