VYPR
Medium severity 6.1 · OSV Advisory · Published Mar 15, 2017 · Updated Jun 17, 2026

CVE-2017-6905


Description

An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.


Affected products

2
  • Concrete5/Concrete5 · OSV · 2 versions
    5.4.2, 5.4.2.1, 5.4.2.2, …+ 1 more
    • (no CPE) range: 5.4.2, 5.4.2.1, 5.4.2.2, …
    • cpe:2.3:a:concrete5:concrete5:*:*:*:*:*:*:*:* range: <=5.6.3.4


References

4
