3 matches found
CVE-2022-30119
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...
Design/Logic Flaw
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...
CVE-2022-30118
CVE-2022-30118 involves Cross‑Site Scripting in PortlandLabs Concrete CMS. The vulnerability lies in the /dashboard/system/express/entities/forms/save_control/[GUID] path where old browsers, specifically Internet Explorer with XSS protection disabled, can edit a form control in Concrete 8.5.7 and...