4 matches found
Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250
Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in Concrete5 Affected Software : Concrete5 Affected Versions: 5.7.3.1 and possibly below Vendor Homepage : https://www.concrete5.org Vulnerability Type : Cross-site Scripting Severity : Important CVE-ID:...
CVE-2015-2250
Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...
CVE-2015-2250
Concrete5 before 5.7.4 is vulnerable to multiple reflected XSS flaws (banned_word[], channel, accessType, msCountry, arHandle, pageURL, SEARCH_INDEX_AREA_METHOD, unit, register_notification_email, PATH_INFO, etc.). Exploitation could inject arbitrary scripts and potentially hijack user sessions a...
Concrete5 5.7.3.1 Cross Site Scripting
Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in Concrete5 Affected Software : Concrete5 Affected Versions: 5.7.3.1 and possibly below Vendor Homepage : https://www.concrete5.org Vulnerability Type : Cross-site Scripting Severity : Important CVE-ID:...