Description
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)
Oracle Application Server Other Vulnerability (CVE-2001-1217)
WordPress Plugin WordPress Custom Global Variable Unspecified Vulnerability (3.0.0)
IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4699)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4391)