concrete5: XSS in Theme Preview Tools File

2014-03-25T19:02:57
ID H1:4777
Type hackerone
Reporter mkly
Modified 2014-08-28T18:37:39

Description

https://github.com/concrete5/concrete5/blob/master/web/concrete/tools/themes/preview.php#L7

Note that one of those values near the end is not escaped.