PT-2022-15808 · Unknown · Exponent Cms

Alestorm980 · Published 2022-02-09 · Updated 2022-02-17 · CVE-2022-23049

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Exponent CMS version 2.6.0patch2
Description: The issue allows an authenticated user to inject persistent JavaScript code through the User-Agent header when logging in. The stored code executes when an administrator views the "User Sessions" tab, potentially compromising the administrator's session.
Recommendations: For Exponent CMS version 2.6.0patch2, consider disabling access to the "User Sessions" tab until a patch is available, so the injected JavaScript cannot be triggered. Restrict the ability of users to inject custom JavaScript code through the User-Agent header to minimize the risk of session compromise.
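The root cause described above is a stored value from a request header being written into an administrative HTML page without output encoding. The following PHP snippet is an added example and is not Exponent CMS code; it assumes a hypothetical sessions listing built from an array of rows (`user`, `ip`, `ua`) and shows the unsafe interpolation pattern beside the hardened one, plus a normalizer that limits what is stored from the header in the first place.

```php
<?php
// Added example, not Exponent CMS code. Assumes a hypothetical sessions
// listing where each row holds the User-Agent string captured at login.

// Constructed sample rows; the second one carries markup in the header,
// the kind of value a "User Sessions" page must never render verbatim.
$sessions = [
    ['user' => 'alice', 'ip' => '192.0.2.10', 'ua' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    ['user' => 'bob',   'ip' => '192.0.2.11', 'ua' => '<b>not plain text</b>'],
];

// Vulnerable pattern: header content is interpolated straight into HTML,
// so any tags it contains become part of the admin page.
function renderSessionsUnsafe(array $sessions): string {
    $html = "<table>\n";
    foreach ($sessions as $s) {
        $html .= "<tr><td>{$s['user']}</td><td>{$s['ip']}</td><td>{$s['ua']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened pattern: every untrusted value is encoded for an HTML text
// context before it reaches the page. ENT_QUOTES also covers attribute
// contexts; ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying output.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderSessionsSafe(array $sessions): string {
    $html = "<table>\n";
    foreach ($sessions as $s) {
        $html .= '<tr><td>' . h($s['user']) . '</td><td>' . h($s['ip'])
               . '</td><td>' . h($s['ua']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Defense in depth at write time (hypothetical helper): strip control
// characters and cap the length so a hostile header cannot bloat the
// sessions table. Encoding on output is still required; this does not
// replace it, because a raw header is never safe to echo into HTML.
function normalizeUserAgent(string $ua, int $max = 512): string {
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua) ?? '';
    return mb_substr($ua, 0, $max, 'UTF-8');
}

// Storing side (hypothetical login hook): normalize before persisting.
$stored = normalizeUserAgent($_SERVER['HTTP_USER_AGENT'] ?? '');

// Rendering side: the encoded table shows the header as literal text.
echo renderSessionsSafe($sessions);
```

The encoded output renders `&lt;b&gt;not plain text&lt;/b&gt;` as visible text rather than as markup, which is the behaviour an administrator-facing session list needs. A restrictive Content-Security-Policy on the admin area is a reasonable second layer, but output encoding is the fix for the defect the advisory describes.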

Exploit · Fix · XSS


Related Identifiers: CVE-2022-23049

Affected Products: Exponent Cms