Vulnerability Information
Vulnerability Title
Stored XSS in Folder Function by Rogue Admin
Vulnerability Description
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.
CVSS Information
N/A
Vulnerability Type
Improper Input Validation
Vulnerability Title
Concrete CMS Input Validation Error Vulnerability
Vulnerability Description
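Concrete CMS is an open-source content management system for teams, developed by Concrete CMS. Concrete CMS versions 9.0.0 through 9.3.9 contain an input validation error vulnerability. The vulnerability stems from missing input sanitization in the Add Folder functionality, which may allow a malicious administrator to inject stored cross-site scripting payloads.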
CVSS Information
N/A
Vulnerability Type
N/A