PT-2017-17909 · Concrete5 · Concrete5

Hyp3Rlinx

Published: 2017-04-13
Updated: 2022-05-13
CVE-2017-7725
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: concrete5 version 8.1.0

Description: The issue arises from incorrect trust in the HTTP Host header during caching, specifically when the administrator did not define a "canonical" URL at installation of concrete5 via the "Advanced Options" settings. A remote attacker can send a GET request with an arbitrary domain name in the Host header, and that value is stored. Arbitrary domains can thus be set for certain links displayed to subsequent visitors, which can serve as an XSS vector.

Recommendations: For concrete5 version 8.1.0, define a "canonical" URL at installation using the "Advanced Options" settings so that the HTTP Host header is not trusted when links are built and cached. As a temporary workaround, restrict access to the caching functionality until a proper fix is applied. Additionally, monitor and limit the domains that can be set for links displayed to visitors to minimize the risk of exploitation.
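The following is an added illustration, not concrete5 code or part of the original advisory. It models the mechanism described above in a few lines: an application that builds absolute links from whatever Host header arrives and caches the result serves the first requester's chosen domain to every later visitor, whereas one that uses a configured canonical URL (or, failing that, an explicit host allowlist) never lets a request-supplied value reach the cache. A small log check for requests carrying an unexpected Host value is included for the monitoring recommendation. The Request and Site classes, the allowlist, the example hostnames and the log line format are all constructed assumptions for this example.

```python
# Added example (not concrete5 code): models Host-header trust during caching and
# the canonical-URL mitigation. Request/Site, the allowlist, the hostnames and the
# log format are assumptions made for the illustration.
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Request:
    host_header: str   # value of the HTTP Host header, controlled by the sender
    path: str

@dataclass
class Site:
    canonical_url: Optional[str] = None        # stands in for the "canonical URL" setting
    cache: dict = field(default_factory=dict)  # cached absolute links shown to later visitors

def vulnerable_link(site: Site, req: Request) -> str:
    """Vulnerable pattern: absolute link built from Host and cached for everyone."""
    return site.cache.setdefault(req.path, f"http://{req.host_header}{req.path}")

def hardened_link(site: Site, req: Request, allowed_hosts: frozenset) -> str:
    """Hardened pattern: prefer the configured canonical URL; otherwise accept only
    a Host value from an explicit allowlist, so nothing sender-chosen is cached."""
    if site.canonical_url:
        base = site.canonical_url.rstrip("/")
    elif req.host_header.lower() in allowed_hosts:
        base = f"http://{req.host_header.lower()}"
    else:
        raise ValueError(f"unexpected Host header: {req.host_header!r}")
    return site.cache.setdefault(req.path, f"{base}{req.path}")

def poisoning_scenario() -> dict:
    """First request carries a foreign Host; the second (a normal visitor) receives
    whatever was cached. Returns the link each variant serves to the visitor."""
    foreign = Request("evil.example", "/index.php")     # constructed foreign Host value
    visitor = Request("www.example.com", "/index.php")
    allowed = frozenset({"www.example.com"})

    unconfigured = Site()                      # no canonical URL: the vulnerable setup
    vulnerable_link(unconfigured, foreign)
    served_vuln = vulnerable_link(unconfigured, visitor)

    configured = Site(canonical_url="https://www.example.com")
    hardened_link(configured, foreign, allowed)          # Host ignored, canonical used
    served_hardened = hardened_link(configured, visitor, allowed)

    no_canonical = Site()                      # hardened code without a canonical URL
    try:
        hardened_link(no_canonical, foreign, allowed)
        rejected = False
    except ValueError:
        rejected = True                        # foreign Host refused instead of cached
    served_no_canonical = hardened_link(no_canonical, visitor, allowed)

    return {"vulnerable": served_vuln,
            "hardened": served_hardened,
            "rejected_without_canonical": rejected,
            "served_without_canonical": served_no_canonical}

# Detection side: flag log entries whose Host header is not one of our own names.
# Constructed log format: ip [timestamp] "METHOD path" host="..."
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" host="(?P<host>[^"]*)"$'
)

SAMPLE_LOG = [  # constructed sample lines
    '203.0.113.5 [13/Apr/2017:10:00:00 +0000] "GET /index.php" host="www.example.com"',
    '198.51.100.9 [13/Apr/2017:10:00:07 +0000] "GET /index.php" host="evil.example"',
    '203.0.113.5 [13/Apr/2017:10:00:09 +0000] "GET /about" host="WWW.EXAMPLE.COM"',
    'malformed line that does not parse',
]

def unexpected_hosts(lines, allowed_hosts: frozenset) -> list:
    """Return (ip, host, path) for parseable requests whose Host is not allowlisted."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # unparseable lines are skipped rather than treated as alerts
        host = m.group("host").lower()
        if host not in allowed_hosts:
            hits.append((m.group("ip"), host, m.group("path")))
    return hits

if __name__ == "__main__":
    print(poisoning_scenario())
    print(unexpected_hosts(SAMPLE_LOG, frozenset({"www.example.com"})))
```

Running the block shows the visitor in the unconfigured, vulnerable setup receiving a link on the foreign domain, while both hardened variants serve the site's own name; the log check reports the one request whose Host is neither the canonical name nor an allowlisted alias, which is the signal the "monitor and limit the domains" recommendation calls for.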

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-7725
GHSA-2MVG-C6MG-3Q63

Affected Products

Concrete5