A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

**Stored XSS in Netgear-SRX5308 Router****Overview**

    * Type: Stored XSS
    * Supplier: Netgear (https://www.netgear.com/)
    * URL: https://192.168.1.1/scgi-bin/platform.cgi?page=bandwidth_profile.htm
    * Product: SRX5308 – ProSAFE Quad WAN Gigabit SSL VPN Firewall
    * Affect version: (lastest) 4.3.5-3
    * Firmware download: https://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_V4.3.5-3.zip
    

**Description**

The stored XSS vulnerability is at the web management interface of the affected routers. The vulnerability results from improper validation of user-supplied input in the web-based management interface. An attacker could exploit the vulnerability by sending the crafted HTTP request to affected devices.

The injection exits at the parameter "BandWidthProfile.ProfileName" parameter which isn't sanitized.

**Business Impact**

The stored XSS vulnerability is severe and could result in serious damage. Thus the vulnerability is very dangerous which could also result in reputational damage for the business through the impact on customers' trust.

**Steps to Reproduce**

I have put the PoC (exp.py) in attachments, configure several parameters and execute it, you will see an alert window poping up. The parameters are as below:

1.  username, password: visit the device's web interface (default: admin, password).
2.  device\_web\_ip: web IP address of the target device.

**Proof of Concept**

After executing the PoC, the xss payload is injected into the device, then login the web through browser and visit victim url "https://192.168.1.1/scgi-bin/platform.cgi?page=bandwidth\_profile.htm", an alert window will pop up.

CVE-2023-2381: IoT/Netgear-SRX5308/6 at main · leetsun/IoT

Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter.

**Stored cross site scripting on API integration**

Moderate severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

GHSA-xfmj-r86m-j2hr: Stored cross site scripting on API integration

Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names.

**Stored cross site scripting**

Low severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

GHSA-474f-mcjv-pgrm: Stored cross site scripting

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.

**Stored cross site scripting in RSS displayer**

Low severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

GHSA-fgxj-g7x3-85cq: Stored cross site scripting in RSS displayer

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.

**Reflected cross site scripting**

Low severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

GHSA-vcpr-hm2m-gjjj: Reflected cross site scripting

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.

**Stored cross site scripting via container name**

Moderate severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

GHSA-9h33-5fxw-r2xv: Stored cross site scripting via container name

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.

**Stored cross site scripting on saved presets**

Moderate severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

GHSA-2j26-j953-2rph: Stored cross site scripting on saved presets

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.

**Stored cross site scripting on tags**

Moderate severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 5, 2023

GHSA-2ggc-552c-rmqr: Stored cross site scripting on tags

Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

CVE-2023-28821: Releases · concretecms/concretecms

**Trusted by the best**

In a crowded marketspace, Concrete stands out as a solution that pairs robust functionality with ease of use and a low cost of deployment.

Ben Dickie Research Director - Enterprise Applications at Info-Tech Research Group

Listen to our Customers

**Read More Reviews**

**In-Context Editing**

*   Effortlessly edit your website like you're writing a document.
*   New content editors can be trained in minutes flat.
*   Better tools make better work. Enjoy the process.

  
Schedule Demo

Because the system is a pleasure to use for our authors, our content is fresher.

Stefan Glut Online Communications Officer, BASF Corporation

**Powerful Permissions**

*   User roles and groups provide a powerful tool for managing access control and permissions, ensuring that your website is secure and accessible to authorized users only.
*   Granular permissions that let you control every aspect of your website with ease.
*   Transform your content editing process with efficient and secure approval workflows.
*   Streamline collaboration on your website with Concrete CMS.
*   Track changes made to your website with a complete record of who made each change.
*   Review, compare, and roll back to previous versions. 

  
Schedule Demo

Amazing and really well thought out CMS. Great for editors and very good for developers to build off.

Tim Macknelly Creative Director, TM Designs

**Secure & Supported**

*   You get a fully ISO:27001 solution out of the box.
*   All our hosting is SOC 2 Security and Availability Certified and HIPAA Compliant.
*   Used by the U.S. Army. Choose to host your site with us to meet any unique compliance and security needs your organization may have. 

  
Schedule Demo

Concrete CMS powers an Army web presence that hundreds of editors use with very limited training. It also meets our complex security and compliance requirements.

Melanie Reagin U.S. Army, IMCOM

The Basketball Hall of Fame Scores Big With A Concrete CMS-Powered Website

Apr 27, 2023

Explore the Basketball Hall of Fame's website, built with Concrete CMS for a slam dunk user experience. Learn about the history and legacy of basketball while staying up-to-date with the latest events and guest appearances by basketball legends.

Ways to Contribute to FOSS Beyond Development

Apr 25, 2023

Discover how non-developers can make valuable contributions to Free and Open Source Software (FOSS) through documentation, translation, design, support, marketing, and testing. Learn how to get involved and make a difference in the FOSS community.

The Power of Concrete CMS: Goodwill of Western and Northern Connecticut and Walk Japan's Success Stories

Apr 20, 2023

Find out how Concrete CMS helped Goodwill of Western and Northern Connecticut and Walk Japan make their websites better and attract more customers. Thanks to Concrete CMS, they were able to make their sites easy to use and reliable, resulting in happier customers and more money in their pockets.

Tag

#xss