CVSS Base Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Detection Type: Remote Banner
Solution Type: Vendor Patch
Summary: Concrete5 is prone to a stored cross-site scripting (XSS) vulnerability.
Detection Method: Checks if a vulnerable version is present on the target host.
Technical Details: The vulnerability exists because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
Impact: Successful exploitation would allow an authenticated attacker to store malicious code inside the application, which is then executed when browsing to an affected site.
Affected Versions: Concrete5 through version 8.4.3.
Recommendations: Update to version 8.4.4 or later.
Web application abuses