Description

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.

Remediation

References

CVE-2014-9526

Related Vulnerabilities

Oracle JRE CVE-2013-2469 Vulnerability (CVE-2013-2469)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29512)

Drupal Improper Input Validation Vulnerability (CVE-2014-5019)

WordPress Plugin Ready! Ecommerce Shopping Cart Multiple Cross-Site Request Forgery Vulnerabilities (0.5.0)

WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)

Severity

Medium

Classification

CVE-2014-9526 CWE-707

Tags

Missing Update Known Vulnerabilities