Vulnerabilities > Exponentcms > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-23049 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.6.0 Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. | 3.5 |
| 2022-02-09 | CVE-2022-23047 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.6.0 Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site" | 3.5 |