As stated on our obsolete bug reporting site (Lighthouse), the XSS Settings and RCE issues only apply to Super-Admin or Admin users and users with that level of permission can do quite a bit to hack a site...However, the User-Agent issue should be addressed.
I reported 3 vulnerabilities on Exponent 2.6.0 (patch2) using https://exponentcms.lighthouseapp.com/ but i didn't receive any update.
Attached below are the links to the tickets, advisories and our responsible disclosure policy respectively.
The text was updated successfully, but these errors were encountered: