CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-3111 – Concrete5 8.5.4 - 'name' Stored XSS
https://notcve.org/view.php?id=CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. El Express Entries Dashboard en Concrete versión 5 8.5.4, permite almacenar una vulnerabilidad de tipo XSS por medio del campo name de un nuevo objeto de datos en un URI index.php/dashboard/express/entries/view/ Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to nu11secur1ty in March of 2021. • https://www.exploit-db.com/exploits/49721 http://packetstormsecurity.com/files/161600/Concrete5-8.5.4-Cross-Site-Scripting.html http://packetstormsecurity.com/files/161997/Concrete5-8.5.4-Cross-Site-Scripting.html https://documentation.concrete5.org/developers/introduction/version-history https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes https://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24986
https://notcve.org/view.php?id=CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. Concrete5 versiones hasta 8.5.2 incluyéndola, permite la Carga Sin Restricciones de Archivos con un Tipo Peligroso, tales como un archivo .php por medio del File Manager. Es posible modificar la configuración del sitio para cargar el archivo PHP y ejecutar comandos arbitrarios • https://hackerone.com/reports/768322 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11476
https://notcve.org/view.php?id=CVE-2020-11476
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Concrete5 versiones anteriores a 8.5.3, permite una Carga Sin Restricciones de Archivos con Tipos Peligrosos, como un archivo .phar • https://github.com/concrete5/concrete5/pull/8713 https://github.com/concrete5/concrete5/releases/tag/8.5.3 https://herolab.usd.de/security-advisories https://herolab.usd.de/security-advisories/usd-2020-0041 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14961
https://notcve.org/view.php?id=CVE-2020-14961
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Concrete5 versiones anteriores a 8.5.3, no restringe la dirección de clasificación a un valor asc o desc válido • https://github.com/concrete5/concrete5/pull/8651 https://github.com/concrete5/concrete5/releases/tag/8.5.3 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2017-18195 – Concrete5 CMS < 8.3.0 - Username / Comments Enumeration
https://notcve.org/view.php?id=CVE-2017-18195
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. Se ha descubierto un problema en tools/conversations/view_ajax.php en Concrete5, en versiones anteriores a la 8.3.0. Un usuario no autenticado puede enumerar comentarios de todos los posts de blog realizando peticiones POST a /index.php/tools/required/conversations/view_ajax con enteros "cnvID" incrementales. Concrete5 versions prior to 8.3.0 suffers from enumeration vulnerabilities. • https://www.exploit-db.com/exploits/44194 https://github.com/concrete5/concrete5/pull/6008/files https://github.com/concrete5/concrete5/releases/tag/8.3.0 https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse •