e6cd1b38eb
9 changes to exploits/shellcodes Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption vsftpd 3.0.3 - Remote Denial of Service WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated) TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated) Concrete5 8.5.4 - 'name' Stored XSS Equipment Inventory System 1.0 - 'multiple' Stored XSS Budget Management System 1.0 - 'Budget title' Stored XSS Novel Boutique House-plus 3.5.1 - Arbitrary File Download SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
16 lines
No EOL
679 B
Text
16 lines
No EOL
679 B
Text
# Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS
|
|
# Date: 2021-01
|
|
# Exploit Author: Quadron Research Lab
|
|
# Version: Concrete5 8.5.4
|
|
# Tested on: Windows 10 x64 HUN/ENG Professional
|
|
# Vendor: Concrete5 CMS (https://www.concrete5.org)
|
|
# CVE: CVE-2021-3111
|
|
|
|
[Suggested description]
|
|
The Express Entries Dashboard inConcrete5 8.5.4 allows stored XSS via the name field of a new data object at anindex.php/dashboard/express/entries/view/ URI.
|
|
|
|
[Attack Vectors]
|
|
Creating a new data object, the name field is not filtered. It is possible to place JavaScript code. [Stored XSS]
|
|
|
|
Proof of Concept
|
|
https://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf |