Latest Vulnerabilities and Exploits



CVE ID:

CVE-2021-3111

Details:

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.

References:

:https://documentation.concrete5.org/developers/introduction/version-history
:https://github.com/Quadron-Research-Lab//blob/main/-2021-3111.pdf

ZeroDayLab Assigned Tags:

CROSS SITE SCRIPTING - What is Cross Site Scripting?