Lucene search
PRIOn knowledge basePRION:CVE-2017-7725HistoryApr 13, 2017 - 5:59 p.m.
Design/Logic Flaw
2017-04-1317:59:00
PRIOn knowledge base
www.prio-n.com
2
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a “canonical” URL on installation of concrete5 using the “Advanced Options” settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete_cms | eq | 8.1.0 |
Related
exploitpack
exploitpack
Concrete5 CMS 8.1.0 - Host Header Injection
2017-04-14 00:00:00
osv
osv
Concrete CMS vulnerable to cross-site scripting (XSS)
2022-05-13 01:08:38
CVE-2017-7725
2017-04-13 17:59:00
nvd
nvd
CVE-2017-7725
2017-04-13 17:59:00
packetstorm
packetstorm
concrete5 8.1.0 Host Header Injection
2017-04-14 00:00:00
cve
cve
CVE-2017-7725
2017-04-13 17:59:00
cvelist
cvelist
CVE-2017-7725
2017-04-13 17:00:00
zdt
zdt
Concrete5 8.1.0 - Host Header Injection Vulnerability
2017-04-14 00:00:00
veracode
veracode
HTML Injection
2017-05-23 07:53:59
github
github
Concrete CMS vulnerable to cross-site scripting (XSS)
2022-05-13 01:08:38
exploitdb
exploitdb
Concrete5 CMS 8.1.0 - 'Host' Header Injection
2017-04-14 00:00:00
openvas
openvas
Concrete5 Header Injection and CSRF Vulnerability
2017-04-19 00:00:00