10 matches found
CVE-2021-41465
Cross-site scripting (XSS) vulnerability in concrete/elements/collectiontheme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Label argument. An attacker can inject malicious scripts by crafting a specially formatted input that exploits the improper...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Navigation/Title Text/Description Source argument due to improper sanitization. Details: Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient input sanitization in the "Add Folder" functionality. An attacker with admin privileges can exploit this by injecting malicious scripts int...
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0...
Portlandlabs Concrete5 Cross-Site Scripting Vulnerability
Concrete CMS is an open source content management system (CMS) for publishing content on the World Wide Web and intranet. A cross-site scripting vulnerability exists in Concrete CMS versions prior to 8.5.5. A remote authenticated user can exploit this vulnerability via a specially crafted survey...
Concrete5 Cross-Site Scripting Vulnerability (CNVD-2021-03001)
Portlandlabs Concrete5 is an open source content management system (CMS) from the U.S. company PortlandLabs, Inc. A cross-site scripting vulnerability exists in Concrete5 version 8.5.4, which stems from a lack of proper validation of client-side data in the name field of index.php/dashboard/express/entries/view/,...
CVE-2018-19146
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
Concrete5 cross-site scripting vulnerability (CNVD-2017-32458)
concrete5 is a free content management system (CMS). Content can be edited and laid out directly on the page. A cross-site scripting vulnerability exists in concrete5 version 5.7.3.1, which stems from the program failing to validate or encrypt user-submitted input. A remote attacker can exploit...
concrete5 Host Header Injection Vulnerability
concrete5 is a free content management system (CMS) developed by Portland Labs in the United States. A Host header injection vulnerability exists in concrete5, which allows an attacker to inject a malicious IP or domain name by modifying the Host header...