CVE-2014-5108

2014-07-28T15:55:00
ID CVE-2014-5108
Type cve
Reporter cve@mitre.org
Modified 2017-11-20T18:44:00

Description

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.