CVE-2014-8690

Name of the Vulnerable Software and Affected Versions Exponent CMS versions prior to 2.1.4 patch 6 Exponent CMS versions 2.2.x prior to 2.2.3 patch 9 Exponent CMS versions 2.3.x prior to 2.3.1 patch 4

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the PATH INFO, the src parameter in a none action to "index.php", or the "First Name" or "Last Name" field to "users/edituser".

Recommendations For Exponent CMS versions prior to 2.1.4 patch 6, update to version 2.1.4 patch 6 or later. For Exponent CMS versions 2.2.x prior to 2.2.3 patch 9, update to version 2.2.3 patch 9 or later. For Exponent CMS versions 2.3.x prior to 2.3.1 patch 4, update to version 2.3.1 patch 4 or later.