Medium severity 6.1 · NVD Advisory · Published Jan 18, 2017 · Updated Jun 17, 2026
CVE-2015-8684
Description
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
Affected products (2)
- cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:* (range: <=2.3.5)
- (no CPE) (range: <2.3.7)