Lucene search
K

4 matches found

securityvulns
securityvulns
added 2015/05/17 12:0 a.m.72 views

Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250

Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in Concrete5 Affected Software : Concrete5 Affected Versions: 5.7.3.1 and possibly below Vendor Homepage : https://www.concrete5.org Vulnerability Type : Cross-site Scripting Severity : Important CVE-ID:...

4.3CVSS0.1AI score0.02111EPSS
Exploits2
NVD
NVD
added 2015/05/15 6:59 p.m.30 views

CVE-2015-2250

Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...

4.3CVSS5.7AI score0.02111EPSS
Exploits2References6
CVE
CVE
added 2015/05/15 6:0 p.m.50 views

CVE-2015-2250

Concrete5 before 5.7.4 is vulnerable to multiple reflected XSS flaws (banned_word[], channel, accessType, msCountry, arHandle, pageURL, SEARCH_INDEX_AREA_METHOD, unit, register_notification_email, PATH_INFO, etc.). Exploitation could inject arbitrary scripts and potentially hijack user sessions a...

4.3CVSS5.8AI score0.02111EPSS
Exploits2References6Affected Software1
Packet Storm
Packet Storm
added 2015/05/13 12:0 a.m.47 views

Concrete5 5.7.3.1 Cross Site Scripting

Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in Concrete5 Affected Software : Concrete5 Affected Versions: 5.7.3.1 and possibly below Vendor Homepage : https://www.concrete5.org Vulnerability Type : Cross-site Scripting Severity : Important CVE-ID:...

4.3CVSS6.7AI score0.02111EPSS
Exploits2
Rows per page
Query Builder