Vulnerabilities (CVE)

Filtered by vendor Exponentcms Subscribe
Filtered by product Exponentcms
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38751 1 Exponentcms 1 Exponentcms 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.