VYPR
Medium severity6.1NVD Advisory· Published Jan 18, 2017· Updated Jun 17, 2026

CVE-2015-8684

CVE-2015-8684

Description

Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*range: <=2.3.5
    • (no CPE)range: <2.3.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.