Security Exponent CMS 2.3.9 XSS / User Injection July 28, 2016 007admin Leave a comment Exponent CMS version 2.3.9 suffers from a cross site scripting vulnerability that allows for user account addition.