10 matches found
EUVD-2024-2758
Malicious code in bioql PyPI...
CVE-2024-8660
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...
GHSA-998C-Q8HH-H8GV Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...
CVE-2024-8660
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...
Cross-site Scripting (XSS)
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient sanitization of the Top Navigator Bar block output. An attacker can execute arbitrary scripts in the context of the user's browser session ...
CVE-2024-8660 Stored XSS in the "Top Navigator Bar" block
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...
CVE-2024-8660 Stored XSS in the "Top Navigator Bar" block
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...
CVE-2024-8660
CVE-2024-8660 affects Concrete CMS versions 9.0.0–9.3.3. It is a stored XSS in the "Top Navigator Bar" block caused by insufficient sanitization; a rogue administrator could inject payloads that execute when targeted users visit the home page. Versions below 9.0.0 are unaffected due to absence of...
CVE-2024-8660 Stored XSS in the "Top Navigator Bar" block
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the ho...