Concrete5 8.5.4 – ‘name’ Stored XSS

Exploit Database
80 阅读

作者： Quadron Research Lab

日期： 2021-03-29
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49721/

# Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS
# Date: 2021-01 
# Exploit Author: Quadron Research Lab
# Version: Concrete5 8.5.4 
# Tested on: Windows 10 x64 HUN/ENG Professional
# Vendor: Concrete5 CMS (https://www.concrete5.org)
# CVE: CVE-2021-3111

[Suggested description]
The Express Entries Dashboard inConcrete5 8.5.4 allows stored XSS via the name field of a new data object at anindex.php/dashboard/express/entries/view/ URI.

[Attack Vectors]
Creating a new data object, the name field is not filtered.It is possible to place JavaScript code. [Stored XSS]

Proof of Concept
https://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf

last Exploits
Concrete5 8.5.4 – ‘name’ Stored XSS的更多信息

ZesleCP 3.1.9 – Remote Code Execution (RCE) (Authenticated)：
Alienvault 4.3.1 – SQL Injection / Cross-Site Scripting：
OpenFiler 2.99.1 – Arbitrary Code Execution：
vBulletin 4.0.8 PL1 – Cross-Site Scripting Filter Bypass within Profile Customization：
Simple Online College Entrance Exam System 1.0 – SQLi Authentication Bypass：
OpenFiler 2.99.1 – Cross-Site Request Forgery：
Playable 9.18 iOS – Persistent Cross-Site Scripting：
RapidLeech Scripts – Arbitrary File Upload：