| 标题 | Concretecms 9.3.9 XSS |
|---|
| 描述 | ConcreteCMS v9.3.9 suffers from a Stored Cross-Site Scripting (XSS) vulnerability in the Paragraph Source field when adding a Feature block. This vulnerability allows attackers to cheat other users by injecting malicious scripts into web pages viewed by other users. |
|---|
| 来源 | ⚠️ https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc6.md |
|---|
| 用户 | yaowenxiao (UID 82929) |
|---|
| 提交 | 2025-03-18 10時23分 (1 年前) |
|---|
| 管理 | 2025-03-30 09時16分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 302020 [ConcreteCMS 直到 9.3.9 Feature Block save Paragraph Source 跨网站脚本] |
|---|
| 积分 | 16 |
|---|