|
Description
|
|
Multiple weaknesses and vulnerabilities have been discovered in concrete5, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and request forgery attacks.
1) Input passed via the "approveImmediately" parameter to index.php/tools/required/edit_collection_popup.php (when "ctask" is set to "edit_metadata") is not properly sanitised in concrete/elements/collection_metadata.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed to the "select_mode" and "cID" parameters in index.php/tools/required/sitemap_search_selector is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed to the "searchInstance" parameter in index.php/tools/required/files/edit (when "fID" is set) and index.php/tools/required/files/bulk_properties (when "fID" is valid and "uploaded" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
4) Input passed to the "instance_id", "node", "display_mode", "select_mode", parameter in index.php/tools/required/dashboard/sitemap_data.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5) Input passed to the "ocID" parameter in index.php/tools/required/files/import is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
6) Input passed to the "searchInstance" parameter in index.php/tools/required/files/import, index.php/tools/required/files/customise_search_columns, index.php/tools/required/files/delete_set, index.php/tools/required/files/search_results, index.php/tools/required/files/add_to, index.php/tools/required/files/replace, and index.php/tools/required/files/permissions is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities #1 through #6 are confirmed in version 5.5.2.1. Other versions may also be affected.
7) Input passed to the "ocID" parameter in index.php/tools/required/files/search_dialog is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
8) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change mail settings or delete form submissions if a logged-in user visits a malicious web site.
The vulnerabilities #7 and #8 are confirmed in version 5.6.1.2. Other versions may also be affected.
|
