8 matches found
Concrete5 8.5.4 Cross Site Scripting
Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...
Concrete5 8.5.4 - 'name' Stored XSS
Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...
Concrete5 8.5.4 Cross Site Scripting Vulnerability
Exploit Title: Cross site scriptingXSS Author: nu11secur1ty Vendor: https://www.concrete5.org/download Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 Exploit Place - Navigate to entries directory...
Concrete5 8.5.4 Cross Site Scripting
Exploit Title: Cross site scriptingXSS Author: nu11secur1ty Date: 02.27.2021 Vendor: https://www.concrete5.org/download Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 Exploit Place - Navigate to entries...
CVE-2021-3111
creationtimestamp| type| source ---|---|--- 2021-01-08 18:41:53+00:00| seen| https://t.me/cibsecurity/21825 2024-11-14 06:08:17+00:00| seen| MISP/6ab56f86-8548-4c67-b921-bc3df14a88c9...
CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI...
CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI...
CVE-2021-3111
CVE-2021-3111 affects Concrete5 CMS 8.5.4, with a stored XSS in the Express Entries Dashboard (name field at index.php/dashboard/express/entries/view/). Root cause: insufficient input filtering of the name field. Public disclosures and PoCs exist (Exploit-DB, PacketStorm); no remediation/version ...