31 matches found

Snyk
added 2025/08/06 12:30 a.m. · 4 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the Conversation Messages Dashboard page. An attacker can execute arbitrary scripts in the context of a user's browser by...

CVSS 4.8 · AI score 5.5 · EPSS 0.0026
Exploits 0 · References 2
Snyk
added 2025/03/30 11:41 p.m. · 3 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Title/Body source fields. An attacker can inject malicious scripts by crafting malicious input to these fields. Details...

CVSS 5.1 · AI score 5.4
Exploits 0 · References 2
OSV
added 2022/05/13 1:08 a.m. · 12 views

GHSA-2MVG-C6MG-3Q63 Concrete CMS vulnerable to cross-site scripting (XSS)

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header. This is stored...

CVSS 6.1 · AI score 6 · EPSS 0.0362
Exploits 5 · References 6
Github Security Blog
added 2022/05/13 1:08 a.m. · 22 views

Concrete CMS vulnerable to cross-site scripting (XSS)

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header. This is stored...

CVSS 6.1 · AI score 6 · EPSS 0.0362
Exploits 5 · References 7 · Affected Software 1
Exploit DB
added 2021/03/29 12:00 a.m. · 295 views

Concrete5 8.5.4 - 'name' Stored XSS

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

CVSS 4.8 · AI score 5.6 · EPSS 0.00606
Exploits 5
Packet Storm
added 2021/03/29 12:00 a.m. · 360 views

Concrete5 8.5.4 Cross Site Scripting

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

CVSS 3.5 · EPSS 0.00606
Exploits 5
Hacker One
added 2021/02/12 10:41 a.m. · 66 views

Concrete CMS: Authenticated path traversal to RCE

crayons Description The bFilename parameter in the scenario index.php/ccm/system/dialogs/block/design/submit is vulnerable to remote code execution via path traversal vulnerability. Authenticated attacker with rights to edit web application pages can upload malicious PNG file containing PHP code...

CVSS 6.5 · AI score 9 · EPSS 0.04123
Exploits 0
Hacker One
added 2021/02/12 8:43 a.m. · 38 views

Concrete CMS: Stored unauth XSS in calendar event via CSRF

crayons Description The description parameter in the scenario /index.php/ccm/calendar/dialogs/event/add/save is affected by Stored XSS due to lack of user supplied data filtration. Also it should be mentioned that this endpoint does not verify CSRF token ccmtoken, which leads to an ability to...

CVSS 6.8 · AI score 7.9 · EPSS 0.00125
Exploits 0
Hacker One
added 2020/05/13 3:08 p.m. · 32 views

Concrete CMS: Stored XSS on express entries

Download Concrete5 8.5.2 and install it 2. Log into your Concrete5 instance as admin 3. Go to Dashboard System settings Express entities /index.php/dashboard/system/express/entities 4. Click on the Create button 5. In the field Name paste the following text: alert1 6. Go to tab View Objects...

AI score 6.7
Exploits 0
0day.today
added 2018/02/28 12:00 a.m. · 893 views

Concrete5 < 8.3.0 - Username / Comments Enumeration Exploit

Exploit for php platform in category web applications #!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulat...

CVSS 5 · AI score 5.8 · EPSS 0.07176
Exploits 6
exploitpack
added 2018/02/27 12:00 a.m. · 26 views

Concrete5 8.3.0 - Username Comments Enumeration

Concrete5 8.3.0 - Username Comments Enumeration #!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate impo...

CVSS 5 · AI score 5.3 · EPSS 0.07176
Exploits 6
Exploit DB
added 2018/02/27 12:00 a.m. · 56 views

Concrete5 CMS < 8.3.0 - Username / Comments Enumeration

#!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate import tabulate import argparse import requests impo...

CVSS 5.3 · AI score 5.3 · EPSS 0.07176
Exploits 6
0day.today
added 2017/05/03 12:00 a.m. · 41 views

concrete5 8.1.0 Thumbnail Editor CSRF Vulnerability

Exploit for php platform in category web applications +-------------------------------------------------------------+ | Vulnerable Software: Concrete5 CMS | | Vendor: http://www.concrete5.org/ | | Vulnerability Type: CSRF to DoS disables installation | | Date Released: 23/04/2017 | | Released by:...

CVSS 4.3 · AI score 6.6 · EPSS 0.00528
Exploits 3
exploitpack
added 2017/04/14 12:00 a.m. · 58 views

Concrete5 CMS 8.1.0 - Host Header Injection

Concrete5 CMS 8.1.0 - Host Header Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product:...

CVSS 4.3 · EPSS 0.0362
Exploits 5
Packet Storm
added 2017/04/14 12:00 a.m. · 80 views

concrete5 8.1.0 Host Header Injection

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an...

AI score 6.2 · EPSS 0.0362
Exploits 5
Exploit DB
added 2017/04/14 12:00 a.m. · 75 views

Concrete5 CMS 8.1.0 - 'Host' Header Injection

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an...

CVSS 6.1 · AI score 6.3 · EPSS 0.0362
Exploits 5
0day.today
added 2017/04/14 12:00 a.m. · 94 views

Concrete5 8.1.0 - Host Header Injection Vulnerability

Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets...

CVSS 4.3 · AI score 6.4 · EPSS 0.0362
Exploits 5
Tenable Nessus
added 2016/07/29 12:00 a.m. · 12 views

concrete5 CMS Install Detected

Binary data 9446.prm...

AI score 7.3
Exploits 0 · References 1
Tenable Nessus
added 2016/07/29 12:00 a.m. · 12 views

concrete5 CMS Version Detection

Binary data 9447.prm...

AI score 7.3
Exploits 0 · References 1
Exploit DB
added 2016/06/29 12:00 a.m. · 51 views

Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion

------------------------------------------------------------------------------- Concrete5 installed 329. $response = $this->getEarlyDispatchResponse(); 330. 331. if (!isset($response)) { 332. $collection = Route::getList(); 333. $context = new \Symfony\Component\Routing\RequestContext(); 334...

AI score 7.4
Exploits 0