3 matches found
Privilege Escalation
concrete5/concrete5 is vulnerable to privilege escalation. The vulnerability exists in 'bulkupdate.php' because users in that group who are granted 'view' permissions can escalate to administrator using specially crafted curl...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize several parameters in web/concrete/singlepages/dashboard/users/groups/bulkupdate.php and web/concrete/tools/dashboard/sitemapdragrequest.php, allowing a malicious user to inject and execute...
Cross-site Scripting (XSS)
concrete5 is vulnerable to cross-site scripting (XSS) attacks. The library fails to sanitize user input to bulkupdate.php and sitemapdragrequest.php, allowing a malicious user to inject and execute arbitrary script...