Description
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)
WordPress Plugin SG Optimizer Multiple Vulnerabilities (3.3.5)
WordPress Plugin Custom Login Redirect Cross-Site Request Forgery (1.0.0)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3736)
WordPress Plugin WP-OliveCart Multiple Vulnerabilities (3.1.2)