Concrete5 is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Concrete5 8.1.0 is vulnerable; other versions may also be affected.
Exploit
An attacker can exploit this issue using a web browser.
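The defensive pattern named by the fix reference ("Use relative urls when the canonical url isn't set"), as an added illustration that is not concrete5's own code. It assumes, since the advisory does not say so, that the cached page embedded an absolute URL derived from the incoming request; the function names, the cache and the sample requests are hypothetical and constructed here.

```php
<?php
// Added illustration, not concrete5's own code. Assumed, not stated by the
// advisory: the cached page contained an absolute URL built from the incoming
// request (the Host header), so the first requester's value was stored by the
// full-page cache and served to every later visitor.

// Weak pattern: base URL derived from the request, then cached with the page.
function baseUrlFromRequest(array $server): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'];
}

// Hardened pattern, following the fix title: the configured canonical URL if
// one exists, otherwise a relative URL, so no request-controlled value is cached.
function baseUrlForCache(?string $canonicalUrl): string
{
    return ($canonicalUrl === null || $canonicalUrl === '') ? '' : rtrim($canonicalUrl, '/');
}

function renderLink(string $base, string $path): string
{
    // Attribute-escape even trusted values (defence in depth); escaping alone
    // does not stop one visitor's Host value from being served to all others.
    $href = htmlspecialchars($base . $path, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<link rel="canonical" href="' . $href . '">';
}

// Minimal full-page cache keyed only by path: whatever the first request
// produced is what every later request receives.
function serveCached(array &$cache, string $path, callable $render): string
{
    if (!isset($cache[$path])) {
        $cache[$path] = $render();
    }
    return $cache[$path];
}

// Constructed requests: the first carries a hostile Host header, the second is normal.
$hostile = ['HTTP_HOST' => 'attacker.example"><i>injected</i', 'HTTPS' => 'on'];
$normal  = ['HTTP_HOST' => 'www.example.test', 'HTTPS' => 'on'];

$weakCache = [];
$safeCache = [];
foreach ([$hostile, $normal] as $req) {
    // Weak: the second, normal visitor receives markup built from the first request.
    echo serveCached($weakCache, '/about', fn() => renderLink(baseUrlFromRequest($req), '/about')), PHP_EOL;
    // Hardened: identical for every visitor (no canonical URL configured here).
    echo serveCached($safeCache, '/about', fn() => renderLink(baseUrlForCache(null), '/about')), PHP_EOL;
}
```

Run with PHP 7.4 or later (arrow functions); the weak cache prints the hostile host name for both visitors, the hardened cache prints a host-independent relative link each time.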
References:
- Concrete5 Homepage (Portland Labs)
- Full Page Caching Stored XSS Vulnerability (Hackerone)
- Use relative urls when the canonical url isn't set (Concrete5)