Description

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.

Remediation

References

CVE-2021-3111

Related Vulnerabilities

Microsoft SQL Server CVE-2023-32028 Vulnerability (CVE-2023-32028)

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)

WordPress Plugin Login or Logout Menu Item Security Bypass (1.1.1)

PHP Other Vulnerability (CVE-2006-4484)

WordPress Plugin Coupon Creator Cross-Site Request Forgery (3.1)

Severity

Low

Classification

CVE-2021-3111 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities