Lucene search
Zdt1337DAY-ID-35888HistoryMar 02, 2021 - 12:00 a.m.
Concrete5 8.5.4 Cross Site Scripting Vulnerability
2021-03-0200:00:00
0day.today
22
0.005 Low
EPSS
Percentile
76.6%
# Exploit Title: Cross site scripting(XSS)
# Author: nu11secur1ty
# Vendor: https://www.concrete5.org/download
# Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111
# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111
[Exploit]
# Place
- Navigate to entries directory
concrete5-8.5.4/index.php/dashboard/express/entries/
# PoC
- Copy and paste the int_string in to Handle field
nu11secur1ty0000000111111100101010100100100100101010101
- fill in the remaining fields and save
# 0day.today [2021-09-14] #Related
cve
cve
CVE-2021-3111
2021-01-08 15:15:12
nvd
nvd
CVE-2021-3111
2021-01-08 15:15:12
prion
prion
Cross site scripting
2021-01-08 15:15:00
cvelist
cvelist
CVE-2021-3111
2021-01-08 14:18:31
packetstorm
packetstorm
Concrete5 8.5.4 Cross Site Scripting
2021-03-01 00:00:00
Concrete5 8.5.4 Cross Site Scripting
2021-03-29 00:00:00
exploitdb
exploitdb
Concrete5 8.5.4 - 'name' Stored XSS
2021-03-29 00:00:00
openvas
openvas
Concrete CMS < 8.5.5 Multiple Vulnerabilities
2021-03-29 00:00:00