Lucene search
K

8 matches found

Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.368 views

Concrete5 8.5.4 Cross Site Scripting

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

3.5CVSS0.03008EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/03/29 12:0 a.m.301 views

Concrete5 8.5.4 - 'name' Stored XSS

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

4.8CVSS5.6AI score0.03008EPSS
Exploits5
0day.today
0day.today
added 2021/03/02 12:0 a.m.53 views

Concrete5 8.5.4 Cross Site Scripting Vulnerability

Exploit Title: Cross site scriptingXSS Author: nu11secur1ty Vendor: https://www.concrete5.org/download Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 Exploit Place - Navigate to entries directory...

4.8CVSS0.03008EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/03/01 12:0 a.m.263 views

Concrete5 8.5.4 Cross Site Scripting

Exploit Title: Cross site scriptingXSS Author: nu11secur1ty Date: 02.27.2021 Vendor: https://www.concrete5.org/download Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 Exploit Place - Navigate to entries...

3.5CVSS5.6AI score0.03008EPSS
Exploits5
Circl
Circl
added 2021/01/08 6:41 p.m.23 views

CVE-2021-3111

creationtimestamp| type| source ---|---|--- 2021-01-08 18:41:53+00:00| seen| https://t.me/cibsecurity/21825 2024-11-14 06:08:17+00:00| seen| MISP/6ab56f86-8548-4c67-b921-bc3df14a88c9...

4.8CVSS4.9AI score0.03008EPSS
Exploits5References1
OSV
OSV
added 2021/01/08 3:15 p.m.5 views

CVE-2021-3111

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI...

4.8CVSS6AI score0.03008EPSS
Exploits5References5
Cvelist
Cvelist
added 2021/01/08 2:18 p.m.42 views

CVE-2021-3111

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI...

5.4AI score0.03008EPSS
Exploits5References5
CVE
CVE
added 2021/01/08 2:18 p.m.107 views

CVE-2021-3111

CVE-2021-3111 affects Concrete5 CMS 8.5.4, with a stored XSS in the Express Entries Dashboard (name field at index.php/dashboard/express/entries/view/). Root cause: insufficient input filtering of the name field. Public disclosures and PoCs exist (Exploit-DB, PacketStorm); no remediation/version ...

4.8CVSS5AI score0.03008EPSS
Exploits5References5Affected Software1
Rows per page
Query Builder