2 matches found
CVE-2018-19146
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
CVE-2018-19146
CVE-2018-19146 affects Concrete5 8.4.3. The issue is a stored XSS caused by config/concrete.php allowing administrators to upload SVG files that may contain HTML data with a SCRIPT element. Impact is an XSS vulnerability in Concrete5’s SVG handling, with no further exploit details or affected ver...