Arbitrary File Upload
concrete5/concrete5 is vulnerable to Arbitrary File Upload. The vulnerability exists due to the lack of sanitization in the Thumbnail file upload section, which allows an attacker to upload maliciously crafted PDF, SVG, or HTML files, potentially leading to Cross-Site Scripting (XSS) attacks...
GHSA-WRP2-6V6J-HFMG ConcreteCMS vulnerable to Stored Cross-site Scripting
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS)...
CVE-2023-44763
Summary: Concrete CMS v9.2.1 is affected by an arbitrary file upload vulnerability via the Thumbnail upload, enabling Cross-Site Scripting (XSS). The issue stems from insufficient validation/sanitization of uploaded files, allowing malicious content to be stored/executed. Several connected source...