VULHUB ™

concrete5是美国Portland实验室开发的一套免费的内容管理系统（CMS）。该系统可直接在页面上编辑、排版。 concrete5 5.7.4之前版本中存在跨站脚本漏洞，该漏洞源于index.php/dashboard/system/conversations/bannedwords/success URI没有充分过滤‘banned_word[]’参数；index.php/dashboard/reports/logs/view URI没有充分过滤‘channel’参数；index.php/tools/required/permissions/access_entity URI没有充分过滤‘accessType’参数；index.php/dashboard/system/multilingual/setup/load_icon URI没有充分过滤‘msCountry’参数；design/submit和design in index.php/ccm/system/dialogs/area/design/submit URI没有充分过滤‘arHandle ’参数；index.php/dashboard/pages/single URI没有充分过滤‘pageURL’参数；index.php/dashboard/system/seo/searchindex/updated URI没有充分过滤‘SEARCH_INDEX_AREA_METHOD’参数；index.php/dashboard/system/optimization/jobs/job_scheduled URI没有充分过滤‘unit’参数；index.php/dashboard/system/registration/open/1 URI没有充分过滤‘register_notification_email’参数；index.php/dashboard/extend/connect/ URI没有充分过滤‘PATH_INFO’参数。远程攻击者可利用该漏洞注入任意Web脚本或HTML。

concrete5是美国Portland实验室开发的一套免费的内容管理系统（CMS）。该系统可直接在页面上编辑、排版。 concrete5 5.7.4之前版本中存在跨站脚本漏洞，该漏洞源于index.php/dashboard/system/conversations/bannedwords/success URI没有充分过滤‘banned_word[]’参数；index.php/dashboard/reports/logs/view URI没有充分过滤‘channel’参数；index.php/tools/required/permissions/access_entity URI没有充分过滤‘accessType’参数；index.php/dashboard/system/multilingual/setup/load_icon URI没有充分过滤‘msCountry’参数；design/submit和design in index.php/ccm/system/dialogs/area/design/submit URI没有充分过滤‘arHandle ’参数；index.php/dashboard/pages/single URI没有充分过滤‘pageURL’参数；index.php/dashboard/system/seo/searchindex/updated URI没有充分过滤‘SEARCH_INDEX_AREA_METHOD’参数；index.php/dashboard/system/optimization/jobs/job_scheduled URI没有充分过滤‘unit’参数；index.php/dashboard/system/registration/open/1 URI没有充分过滤‘register_notification_email’参数；index.php/dashboard/extend/connect/ URI没有充分过滤‘PATH_INFO’参数。远程攻击者可利用该漏洞注入任意Web脚本或HTML。