5 matches found
Cross site scripting in Concrete CMS
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type...
CVE-2024-8291
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...
Concrete CMS 跨站脚本漏洞
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A cross-site scripting vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.3 and prior to 8.5.19, which stems from vulnerability to stored cross-site scripting attacks...
Concrete CMS 跨站脚本漏洞
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A cross-site scripting vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.3 and prior to 8.5.19. The vulnerability stems from the calendar event names not being cleaned up during...
Cross site scripting
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Associated Projects feature /secure/admin/AssociatedProjectsForCustomField.jspa. The affected versions are before...