concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concrete5 | concrete | 5.4.1 |
| concrete5 | concrete | 5.4.1.1 |
| concrete5 | concrete | 5.4.0.5 |
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concretecms | concrete_cms | 5.6.2 |
| concrete5 | concrete5 | 5.5.2.1 |
| concretecms | concrete_cms | 5.6.2.1 |
| concretecms | concrete_cms | 5.4.2.2 |
| concrete5 | concrete5 | 5.6.0 |
| concretecms | concrete_cms | 5.6.1 |
| concretecms | concrete_cms | 5.4.2 |
| concrete5 | concrete5 | 5.6.0.1 |
| concretecms | concrete_cms | 5.6.1.1 |
| concrete5 | concrete5 | 5.5.1 |
| concrete5 | concrete5 | 5.6.0.2 |
| concretecms | concrete_cms | 5.6.1.2 |
| concrete5 | concrete5 | 5.5.2 |
| concretecms | concrete_cms | 5.4.2.1 |
| concrete5 | concrete5 | 5.5.0 |
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concretecms | concrete_cms | 5.6.2 |
| concrete5 | concrete5 | 5.5.2.1 |
| concretecms | concrete_cms | 5.6.2.1 |
| concretecms | concrete_cms | 5.4.2.2 |
| concrete5 | concrete5 | 5.6.0 |
| concretecms | concrete_cms | 5.6.1 |
| concretecms | concrete_cms | 5.4.2 |
| concrete5 | concrete5 | 5.6.0.1 |
| concretecms | concrete_cms | 5.6.1.1 |
| concrete5 | concrete5 | 5.5.1 |
| concrete5 | concrete5 | 5.6.0.2 |
| concretecms | concrete_cms | 5.6.1.2 |
| concrete5 | concrete5 | 5.5.2 |
| concretecms | concrete_cms | 5.4.2.1 |
| concrete5 | concrete5 | 5.5.0 |
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concrete5 | concrete5 | * |
| concretecms | concrete_cms | 5.7.2 |
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concrete5 | concrete5 | * |
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concrete5 | concrete5 | * |
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concrete5 | concrete5 | * |
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| concrete5 | concrete5 | * |