Family: CGI abuses --> Category: attack
Exponent CMS Multiple Cross-Site Scripting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for the version of Exponent
Detailed Explanation for this Vulnerability Test
The remote host is running Exponent, a web based content management
system implemented in PHP.
The remote version of this software is vulnerable to multiple cross
site scripting vulnerabilites due to a lack of filtering on user-supplied
input in files 'index.php' and 'mod.php'. A possible hacker may exploit this
flaw to perform a cross-site scripting attack against the remote host.
This software is vulnerable to multiple path disclosure vulnerabilities
in the susbsystem directory.
Solution : None at this time.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.