Medium severity6.1NVD Advisory· Published Jan 18, 2017· Updated Jun 17, 2026
CVE-2015-8667
CVE-2015-8667
Description
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*range: <=2.3.5
- (no CPE)range: <2.3.5
Patches
Vulnerability mechanics
References
2- exponentcms.lighthouseapp.com/projects/61783/tickets/1320-exponent-cms-235-cross-site-scripting-vulnerabilitynvdVendor Advisory
- packetstormsecurity.com/files/136763/Exponent-CMS-2.3.5-Cross-Site-Scripting.htmlnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.