concrete5 is vulnerable to HTML injection. If no canonical URL is defined during setup, a malicious user can send a GET request with any domain name in the HOST header, allowing arbitrary domains to be set for certain links. This can also act as a potential vector for cross-site scripting (XSS) attacks.
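
The failure mode and its mitigation in miniature, as an added example that is not concrete5's own code: the first function derives the link base from the request's Host header, the second uses a configured canonical URL and otherwise falls back to a host allowlist. The function names, `CANONICAL_URL`, `ALLOWED_HOSTS` and the example hosts are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Assumed settings for illustration only (not concrete5 configuration keys).
const CANONICAL_URL = 'https://cms.example.test';
const ALLOWED_HOSTS = ['cms.example.test', 'www.cms.example.test'];

// Vulnerable pattern: the link base is whatever the client put in Host.
function baseUrlFromHost(array $server): string
{
    return 'http://' . ($server['HTTP_HOST'] ?? '');
}

// Hardened pattern: use the canonical URL when set; otherwise accept
// only hosts on the allowlist and reject the request for anything else.
function baseUrlSafe(array $server, ?string $canonical, array $allowed): string
{
    if ($canonical !== null && $canonical !== '') {
        return rtrim($canonical, '/');
    }
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    $host = (string) preg_replace('/:\d+$/', '', $host); // drop optional port
    if (!in_array($host, $allowed, true)) {
        throw new RuntimeException('Unrecognised Host header');
    }
    return 'https://' . $host;
}

// Encode the URL on output so a hostile value cannot break out of the attribute.
function renderLink(string $base, string $path, string $text): string
{
    $href = htmlspecialchars($base . $path, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed request whose Host header names a domain the site does not own.
$request = ['HTTP_HOST' => 'unrelated.example'];

echo renderLink(baseUrlFromHost($request), '/login', 'Log in'), PHP_EOL;
echo renderLink(baseUrlSafe($request, CANONICAL_URL, ALLOWED_HOSTS), '/login', 'Log in'), PHP_EOL;

try {
    // No canonical URL configured: the allowlist is the only defence left.
    echo renderLink(baseUrlSafe($request, null, ALLOWED_HOSTS), '/login', 'Log in'), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```
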
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/concrete5 | le | 5.7.5.12 |
hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt
www.securityfocus.com/bid/97649
github.com/concrete5/concrete5/pull/4021
github.com/concrete5/concrete5/pull/4499
hackerone.com/reports/148300
packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html
www.exploit-db.com/exploits/41885/