Concrete CMS: Content Spoofing possible in concrete5.org
An attacker can include arbitrary text using a specially crafted concrete5 URL. This is done using the characters /%0d%0a.

Input: https://www.concrete5.org/%0d%0ahas%20moved%20to%20www.evil.com.Please%20visit%20evil.com%20Present%20resource

Output: The requested URL / has moved to www.evil.com.Please...
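The reflection described above and one way to close it, as an added Python example that is not Concrete CMS code. The function names and the "was not found" wording of the error message are assumptions made for illustration; the sample path is the one from the report's input URL.

```python
import html
import re
from urllib.parse import quote, unquote

# CR, LF and other control characters never belong in a path shown to a user.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def decode_fully(raw_path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d%250a) is seen too."""
    current = raw_path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current

def has_injected_text(raw_path):
    """True when the decoded path carries CR/LF or another control character."""
    return bool(_CONTROL.search(decode_fully(raw_path)))

def vulnerable_message(raw_path):
    # Behaviour the report describes: the decoded path is reflected as-is,
    # so attacker-chosen words read as part of the server's own message.
    return "The requested URL " + unquote(raw_path) + " was not found."

def hardened_message(raw_path):
    # Paths with control characters are not reflected at all.
    if has_injected_text(raw_path):
        return "The requested URL was not found."
    # Anything else is shown re-encoded (spaces stay %20, so it cannot
    # read as a sentence) and HTML-escaped before it reaches the page.
    shown = quote(unquote(raw_path), safe="/")
    return "The requested URL " + html.escape(shown) + " was not found."

# Path taken from the report's input URL.
REPORT_PATH = ("/%0d%0ahas%20moved%20to%20www.evil.com."
               "Please%20visit%20evil.com%20Present%20resource")

if __name__ == "__main__":
    print(repr(vulnerable_message(REPORT_PATH)))
    print(hardened_message(REPORT_PATH))
    print(hardened_message("/download/add-ons"))  # constructed benign path
```

The same `has_injected_text` check can be run over the request-path field of access logs to find requests of this shape.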