CVE-2014-9526

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:concrete5:concrete5:*:*:*:*:*:*:*:*
cpe:2.3:a:concretecms:concrete_cms:5.7.2:*:*:*:*:*:*:*

Information

Published : 2015-01-05 13:59

Updated : 2021-07-15 13:42


NVD link : CVE-2014-9526

Mitre link : CVE-2014-9526


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

concrete5

  • concrete5

concretecms

  • concrete_cms