Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PortlandLabs Concrete CMS 跨站脚本漏洞
Vulnerability Description
PortlandLabs Concrete CMS是美国PortlandLabs公司的一个面向团队的开源内容管理系统。 Concrete CMS(concrete5) 8.5.10之前版本和9.0.0至9.1.2版本存在跨站脚本漏洞,该漏洞源于允许与不存在的实体名称关联,导致存储型跨站脚本(XSS)。
CVSS Information
N/A
Vulnerability Type
N/A