CVE-2017-8085by Jeremyin Security Bulletinson Posted on April 24, 2017 In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.