CVE-2014-5108

Concrete5 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

References (4)

Scores

EPSS 0.0045
EPSS Percentile 63.4%

Details

CWE
CWE-79
Status published
Products (16)
concrete5/concrete5
concrete5/concrete5
concrete5/concrete5
concrete5/concrete5
concrete5/concrete5
concrete5/concrete5
concrete5/concrete5
concretecms/concrete_cms
concretecms/concrete_cms
concretecms/concrete_cms
... and 6 more
Published Jul 28, 2014
Tracked Since Feb 18, 2026