Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9526

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-9526
Last Modified 06 Jan 2015 11:55:01
Published 05 Jan 2015 04:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9526

Summary

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.

Vulnerable Systems

Application

  • Concrete5 5.7.2

  • Concrete5 5.7.2.1


References

XF - concrete5-multiple-xss(99264)

BUGTRAQ - 20141209 Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities

MISC - http://packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html

MISC - http://morxploit.com/morxploits/morxconxss.txt


Last Updated: 27 May 2016 11:07:27