Cross-site Scripting (XSS)
Concrete5 is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary web script because the library does not sanitize it's parameters before rendering them for display. The following fields are affected: bannedword in...