Description

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.

Remediation

References

CVE-2017-7725

Related Vulnerabilities

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)

Apache Tomcat WAR file directory traversal vulnerability

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42119)

Oracle JRE CVE-2023-22006 Vulnerability (CVE-2023-22006)

MySQL CVE-2016-0605 Vulnerability (CVE-2016-0605)

Severity

Medium

Classification

CVE-2017-7725 CWE-707

Tags

Missing Update Known Vulnerabilities