Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ybXZnLWM2bWctM3E2M83vUA
Concrete CMS vulnerable to cross-site scripting (XSS)
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header. This is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.
Permalink: https://github.com/advisories/GHSA-2mvg-c6mg-3q63JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ybXZnLWM2bWctM3E2M83vUA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.00436
EPSS Percentile: 0.75185
Identifiers: GHSA-2mvg-c6mg-3q63, CVE-2017-7725
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-7725
- https://hackerone.com/reports/148300
- https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html
- https://www.exploit-db.com/exploits/41885/
- http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt
- https://web.archive.org/web/20210124030008/https://www.securityfocus.com/bid/97649/
- https://github.com/advisories/GHSA-2mvg-c6mg-3q63
Affected Packages
packagist:concrete5/concrete5
Dependent packages: 4Dependent repositories: 7
Downloads: 2,219 total
Affected Version Ranges: <= 8.1.0
No known fixed version
All affected versions: 8.0.1, 8.0.2, 8.0.3, 8.1.0