Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type
Vulnerability Description
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
PortlandLabs Concrete CMS 跨站脚本漏洞
Vulnerability Description
PortlandLabs Concrete CMS是美国PortlandLabs公司的一个面向团队的开源内容管理系统。 PortlandLabs Concrete CMS 9.2.7 之前版本存在跨站脚本漏洞,该漏洞源于管理员为 Name 字段提供的数据验证不足,容易受到跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A