CVE-2014-5108

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

Published: Jul 28, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-5108
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
concretecms / concrete_cms	5.4.2.2	5.4.2.2.x
concretecms / concrete_cms	5.6.1.1	5.6.1.1.x
concretecms / concrete_cms	5.4.2	5.4.2.x
concretecms / concrete_cms	5.4.2.1	5.4.2.1.x
concretecms / concrete_cms	5.6.1.2	5.6.1.2.x
concretecms / concrete_cms	5.6.1	5.6.1.x
concretecms / concrete_cms	5.6.2.1	5.6.2.1.x
concretecms / concrete_cms	5.6.2	5.6.2.x
concrete5 / concrete5	5.5.0	5.5.0.x
concrete5 / concrete5	5.5.1	5.5.1.x
concrete5 / concrete5	5.5.2	5.5.2.x
concrete5 / concrete5	5.5.2.1	5.5.2.1.x
concrete5 / concrete5	5.6.0	5.6.0.x
concrete5 / concrete5	5.6.0.1	5.6.0.1.x
concrete5 / concrete5	5.6.0.2	5.6.0.2.x

Vulnerability Database

CVE-2014-5108