Cross site scripting

2015-01-0521:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.

CPENameOperatorVersion
concrete5le5.7.2.1
concrete_cmseq5.7.2

CPE	Name	Operator	Version
	concrete5	le	5.7.2.1
	concrete_cms	eq	5.7.2

References

morxploit.com/morxploits/morxconxss.txt

packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Dec/38

www.securityfocus.com/archive/1/534189/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/99264