CVE-2015-8667

Name of the Vulnerable Software and Affected Versions Exponent CMS versions prior to 2.3.5

Description A cross-site scripting (XSS) issue exists in the Reset Your Password module, allowing remote attackers to inject arbitrary web script or HTML via the Username/Email field.

Recommendations For versions prior to 2.3.5, update to version 2.3.5 or later to resolve the issue.