Lucene search
Veracode Vulnerability DatabaseVERACODE:4664HistoryJul 25, 2017 - 7:30 p.m.
Cross-site Scripting (XSS)
2017-07-2519:30:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
0.012 Low
EPSS
Percentile
85.0%
concrete5 is vulnerable to cross-site scripting (XSS) attacks. The library fails to sanitize user input to bulkupdate.php and sitemap_drag_request.php, allowing a malicious user to inject and execute arbitrary script.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete5/concrete5 | le | 5.7.2.1 |
References
morxploit.com/morxploits/morxconxss.txt
packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2014/Dec/38
www.securityfocus.com/archive/1/534189/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/99264
www.concrete5.org/community/forums/5-7-discussion/5.7.x-cve-vulnerabilities-applies-to-5.6-also
Related
cve
cve
CVE-2014-9526
2015-01-05 21:59:00
cvelist
cvelist
CVE-2014-9526
2015-01-05 21:00:00
prion
prion
Cross site scripting
2015-01-05 21:59:00
nvd
nvd
CVE-2014-9526
2015-01-05 21:59:00