Exponent-CMS Security Issues #1546

Open
alestorm980 opened this issue Jan 28, 2022 · 2 comments

alestorm980 commented Jan 28, 2022

I reported 3 vulnerabilities on Exponent 2.6.0 (patch2) using https://exponentcms.lighthouseapp.com/ but I didn't receive any update.

Attached below are the links to the tickets, advisories and our responsible disclosure policy respectively.

@dleffler
Collaborator

As stated on our obsolete bug reporting site (Lighthouse), the XSS Settings and RCE issues only apply to Super-Admin or Admin users, and users with that level of permission can do quite a bit to hack a site... However, the User-Agent issue should be addressed.

@dleffler
Collaborator

Fix for the XSS User Agent issue has been added to development code and will be included in next release.
