Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormQuadron Research LabPACKETSTORM:161997
HistoryMar 29, 2021 - 12:00 a.m.

Concrete5 8.5.4 Cross Site Scripting

2021-03-2900:00:00
Quadron Research Lab
packetstormsecurity.com
167
JSON
`# Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS  
# Date: 2021-01   
# Exploit Author: Quadron Research Lab  
# Version: Concrete5 8.5.4   
# Tested on: Windows 10 x64 HUN/ENG Professional  
# Vendor: Concrete5 CMS (https://www.concrete5.org)  
# CVE: CVE-2021-3111  
  
[Suggested description]  
The Express Entries Dashboard inConcrete5 8.5.4 allows stored XSS via the name field of a new data object at anindex.php/dashboard/express/entries/view/ URI.  
  
[Attack Vectors]  
Creating a new data object, the name field is not filtered. It is possible to place JavaScript code. [Stored XSS]  
  
Proof of Concept  
https://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf  
  
`

Related

prion 1
cve 1
packetstorm 1
zdt 1
cvelist 1
exploitdb 1
openvas 1
prion
prion
Cross site scripting
2021-01-08 15:15:00
cve
cve
CVE-2021-3111
2021-01-08 15:15:00
packetstorm
packetstorm
Concrete5 8.5.4 Cross Site Scripting
2021-03-01 00:00:00
zdt
zdt
Concrete5 8.5.4 Cross Site Scripting Vulnerability
2021-03-02 00:00:00
cvelist
cvelist
CVE-2021-3111
2021-01-08 14:18:31
exploitdb
exploitdb
Concrete5 8.5.4 - 'name' Stored XSS
2021-03-29 00:00:00
openvas
openvas
Concrete CMS < 8.5.5 Multiple Vulnerabilities
2021-03-29 00:00:00
JSON
Related for PACKETSTORM:161997
prion1cve1packetstorm1zdt1cvelist1exploitdb1openvas1