Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

info
discussion
exploit
solution
references

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

Exponent CMS is prone to an arbitrary script-execution vulnerability. The application fails to properly sanitize user-supplied input to its banner and image-upload portion.

An attacker can include remote script code and execute it in the context of an affected server.

Versions prior to 0.96.5 RC 1 are reported to be vulnerable.