Chengable

Name of the Vulnerable Software and Affected Versions: Exponent CMS versions prior to 2.4.1 Patch #6 Description: The issue allows certain admin users to elevate their privileges. Recommendations: For versions prior to 2.4.1 Patch #6, update to version 2.4.1 Patch #6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS versions prior to 2.4.1 Patch #5 **Description** The issue allows for XSS in elFinder, which is located in framework/modules/file/connector/elfinder.php. **Recommendations** For versions prior to 2.4.1 Patch #5, update to version 2.4.1 Patch #5 or later to resolve the issue.