CVE-2015-8684

Name of the Vulnerable Software and Affected Versions Exponent CMS versions prior to 2.3.7

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact by uploading files with certain extensions, such as .html, and then accessing them via the elFinder functionality.

Recommendations For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary file types and disabling access to the elFinder functionality until the update is applied.