Lucene search

163 matches found

Github Security Blog
added 2023/10/06 3:30 p.m. · 23 views

ConcreteCMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVSS 5.4 · AI score 6.7 · EPSS 0.00298
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2023/10/06 3:30 p.m. · 16 views

ConcreteCMS Cross-site Scripting vulnerability

A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

CVSS 5.4 · AI score 6.5 · EPSS 0.00298
Exploits: 1 · References: 7 · Affected Software: 1

OSV
added 2023/10/06 3:30 p.m. · 8 views

GHSA-6XX7-R8X4-FPJP ConcreteCMS Cross-site Scripting vulnerability

A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

CVSS 5.4 · AI score 5.2 · EPSS 0.00298
Exploits: 1 · References: 7

OSV
added 2023/10/06 3:30 p.m. · 9 views

GHSA-P4JJ-GWPG-9JWH ConcreteCMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVSS 5.4 · AI score 5.5 · EPSS 0.00298
Exploits: 1 · References: 4

NVD
added 2023/10/06 1:15 p.m. · 7 views

CVE-2023-44761

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVSS 5.4 · AI score 5.6 · EPSS 0.00298
Exploits: 1 · References: 2

OSV
added 2023/10/06 1:15 p.m. · 10 views

CVE-2023-44761

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVSS 5.4 · AI score 6.7
Exploits: 0 · References: 2

NVD
added 2023/10/06 1:15 p.m. · 12 views

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

CVSS 5.4 · AI score 5.3 · EPSS 0.00298
Exploits: 1 · References: 2

Prion
added 2023/10/06 1:15 p.m. · 10 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

CVSS 4.9 · AI score 5.3 · EPSS 0.00298
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/10/06 12:0 a.m. · 2 views

PT-2023-29285 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and below Concrete CMS versions 9.0.0 through 9.2.1 Description: Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS allow a local attacker to execute arbitrary code via a crafted script to the Forms...

CVSS 5.4 · AI score 5.6 · EPSS 0.00298
Exploits: 1 · References: 11

Positive Technologies
added 2023/10/06 12:0 a.m. · 2 views

PT-2023-29289 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.12 and below Concrete CMS versions 9.0 through 9.2.1 Description: A Cross Site Scripting XSS vulnerability allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from...

CVSS 5.4 · AI score 5.3 · EPSS 0.00298
Exploits: 1 · References: 14

Cvelist
added 2023/10/06 12:0 a.m. · 14 views

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

AI score 5.5 · EPSS 0.00298
Exploits: 1 · References: 2

CVE
added 2023/10/06 12:0 a.m. · 46 views

CVE-2023-44765

CVE-2023-44765 affects Concrete CMS up to v8.5.12 and v9.0–9.2.1, where an XSS flaw in the System & Settings component allows an attacker to execute arbitrary code via a crafted script to the Plural Handle of the Data Objects. Affected versions: 8.5.12 and below; 9.0–9.2.1. Impact is exploitation...

CVSS 5.4 · AI score 5.3 · EPSS 0.00298
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/10/06 12:0 a.m. · 11 views

CVE-2023-44761

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

AI score 5.7 · EPSS 0.00298
Exploits: 1 · References: 2

CNNVD
added 2023/08/21 12:0 a.m. · 3 views

Pimcore cross-site scripting vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates applications for web content management, e-commerce frameworks and product information management. A cross-site scripting vulnerability exist...

CVSS 6.4 · AI score 5.7 · EPSS 0.00003
Exploits: 1 · References: 3

CNNVD
added 2023/07/21 12:0 a.m. · 2 views

Pimcore SQL injection vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...

CVSS 7.2 · AI score 7.1 · EPSS 0.41187
Exploits: 1 · References: 4

Huntr
added 2023/07/14 12:40 p.m. · 21 views

SQL injection in Data Objects function

Description Log in as an admin, go to Data Objects function, and perform a sort action. Observe the request on Burpsuite and injection point is the 'sort' parameter. Proof of Concept POC request that makes the application sleep for 5 seconds Data Objects function payload:...

CVSS 5.8 · AI score 7.2 · EPSS 0.41187
Exploits: 1

OSV
added 2023/06/15 8:4 p.m. · 2 views

CLSA-2023-1686859492 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

CVSS 9.1 · AI score 7 · EPSS 0.15416
Exploits: 2 · References: 1

Veracode
added 2023/05/10 6:41 a.m. · 15 views

Missing Authorization

silverstripe/framework is vulnerable to Missing Authorization. The vulnerability exists due to missing authorization checks on the GridFieldPrintButton.php data objects, which allows an attacker to gain sensitive information...

CVSS 4.3 · AI score 5.2 · EPSS 0.00054
Exploits: 0 · References: 4 · Affected Software: 1

Huntr
added 2023/04/27 10:35 a.m. · 19 views

XSS in choose time value Classes Data Objects

Description XSS in choose time value Classes Data Object Proof of Concept Login in URL : https://demo.pimcore.fun/admin Go to Settings- Data Objects - Classes - News NE - Dates & Images in tab Dates & Images , inject payload to value time at Specific Settings // PoC payload : " video PoC:...

CVSS 4.9 · AI score 6.9 · EPSS 0.00003
Exploits: 1

Huntr
added 2023/03/26 4:31 p.m. · 20 views

XSS in Classification Store of Data Objects module in Settings

Description pimcore is vulnerable to XSS at Name field in Classification Store of Data Objects module in Settings. The vulnerability exists in all 3 tabs: Group Collections, Group, Key Definitions. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left men...

CVSS 4.9 · AI score 5.2 · EPSS 0.00009
Exploits: 1