CVE-2017-7725

MEDIUM

concrete5 8.1.0 - XSS

Title source: llm

Description

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/41885

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97649

[Exploit, Third Party Advisory, VDB Entry] https://hackerone.com/reports/148300

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/41885/

Scores

CVSS v3 6.1

EPSS 0.0362

EPSS Percentile 87.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

concrete5/concrete5 0Packagist

concretecms/concrete_cms 8.1.0

Published Apr 13, 2017

Tracked Since Feb 18, 2026