Concrete5 CVE-2017-7725 HTML Injection Vulnerability

Concrete5 is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Concrete5 8.1.0 is vulnerable; other versions may also be affected.


Bugtraq ID: 97649
Class: Input Validation Error
CVE: CVE-2017-7725

Remote: Yes
Local: No
Published: Apr 12 2017 12:00AM
Updated: Apr 14 2017 05:05PM
Credit: Ryan Tyler (rtyler)
Vulnerable: concrete5 concrete5 8.1.0

Not Vulnerable:


An attacker can exploit this issue using a web browser.
