# Exploit Title: Cross site scripting(XSS)
# Author: nu11secur1ty
# Vendor: https://www.concrete5.org/download
# Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111
# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111
[Exploit]
# Place
- Navigate to entries directory
concrete5-8.5.4/index.php/dashboard/express/entries/
# PoC
- Copy and paste the int_string in to Handle field
nu11secur1ty0000000111111100101010100100100100101010101
- fill in the remaining fields and save
# 0day.today [2021-09-14] #