CVE-2023-44765: GitHub - sromanhu/ConcreteCMS-Stored-XSS---Associations: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the Plural

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.


ConcreteCMS XSS v2.2.18

Author: (Sergio)

Description: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.

Attack Vectors: Scripting. A vulnerability in the sanitization of the entry in the Plural Handle field of “Data Objects from System & Settings” allows injecting JavaScript code that is executed when a user accesses the web page.

POC:

After logging into the panel, we go to the “System & Settings - Data Objects” section of the General Menu.

We edit the Entity field with the payload that we have created and see that we can inject arbitrary JavaScript code in the Plural Handle field.

XSS Payload:

""><svg/onload=alert('PluralHandle')>

Then we add an association:

We set the Type to Many to Many so that the payload is added to "Target Property Name and Inversed Property Name":

We execute the association created:

In the following image you can see the embedded code that executes the payload on the main web page.
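The sanitization gap described under Attack Vectors, shown as an added example that is not code from Concrete CMS or from the advisory's author: a handle value rendered into an HTML attribute without encoding, next to an allow-list check on save and context-aware encoding on output. The function names, the `plural_handle` field name and the handle pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed handle format for this example (not Concrete CMS's actual rule):
// a lowercase letter followed by lowercase letters, digits or underscores, max 64 chars.
const HANDLE_PATTERN = '/\A[a-z][a-z0-9_]{0,63}\z/';

// Input-side check: reject anything outside the allow-list before it is stored.
function isValidHandle(string $handle): bool
{
    return preg_match(HANDLE_PATTERN, $handle) === 1;
}

// Vulnerable pattern: the stored value is interpolated into an attribute as-is,
// so a double quote followed by ">" closes the attribute and the tag.
function renderFieldUnsafe(string $stored): string
{
    return '<input type="text" name="plural_handle" value="' . $stored . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function renderFieldSafe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="plural_handle" value="' . $encoded . '">';
}

// Constructed sample inputs: one benign handle and the payload quoted on this page.
$samples = [
    'blog_posts',
    '""><svg/onload=alert(\'PluralHandle\')>',
];

foreach ($samples as $value) {
    printf("input:    %s\n", $value);
    printf("valid:    %s\n", isValidHandle($value) ? 'yes' : 'no (reject on save)');
    printf("unsafe:   %s\n", renderFieldUnsafe($value));
    printf("encoded:  %s\n\n", renderFieldSafe($value));
}
```

The two controls are complementary: validation on save keeps markup out of the database, and encoding on output covers values that were stored before the check existed.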

Additional Information:

https://www.concretecms.com/

https://owasp.org/Top10/es/A03_2021-Injection/
