Lucene search
PRIOn knowledge basePRION:CVE-2021-3111HistoryJan 08, 2021 - 3:15 p.m.
Cross site scripting
2021-01-0815:15:00
PRIOn knowledge base
www.prio-n.com
5
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete_cms | lt | 8.5.5 |
References
packetstormsecurity.com/files/161600/Concrete5-8.5.4-Cross-Site-Scripting.html
packetstormsecurity.com/files/161997/Concrete5-8.5.4-Cross-Site-Scripting.html
documentation.concrete5.org/developers/introduction/version-history
documentation.concrete5.org/developers/introduction/version-history/855-release-notes
github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf
Related
packetstorm
packetstorm
Concrete5 8.5.4 Cross Site Scripting
2021-03-01 00:00:00
Concrete5 8.5.4 Cross Site Scripting
2021-03-29 00:00:00
cve
cve
CVE-2021-3111
2021-01-08 15:15:12
nvd
nvd
CVE-2021-3111
2021-01-08 15:15:12
zdt
zdt
Concrete5 8.5.4 Cross Site Scripting Vulnerability
2021-03-02 00:00:00
cvelist
cvelist
CVE-2021-3111
2021-01-08 14:18:31
exploitdb
exploitdb
Concrete5 8.5.4 - 'name' Stored XSS
2021-03-29 00:00:00
openvas
openvas
Concrete CMS < 8.5.5 Multiple Vulnerabilities
2021-03-29 00:00:00