# Exploit Title: Concrete5 220.127.116.11 Multiple Authenticated Cross-Site Scripting (XSS)
# Date: 2012-08-25
# Author: Ryan ‘ethicalhack3r’ Dewhurst (www.ethicalhack3r.co.uk)
# Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/18.104.22.168/
# Version: 22.214.171.124
Multiple authenticated Cross-Site Scripting (XSS) vulnerabilities were identified within Concrete5 version 126.96.36.199. Also reported were some cookie security improvements. The first Concrete5 advisory can be found here .
CMS made for Marketing but built for Geeks, concrete5  is a content management system that is free and open source.
3. Vulnerability Information
3.1 Cross-Site Scripting (XSS)
Parameters: ccm-submit-button, searchInstance
Parameters: numResults, searchInstance & searchType
Parameters: cID, sitemap_select_mode
Parameters: mode, numResults & searchType
3.2 Cookie Security
Current cookie name/value: CONCRETE5=6amek9tk8549gisbhsqcpi0ku6;
The ‘httpOnly’ and ‘secure’ flags should be set as well as an expiry time/date.
2012-07-24 – Reported to vendor
2012-07-24 – Vendor acknowledged
2012-08-25 – Vulnerability Disclosed