2 matches found
CVE-2021-28145
Concrete CMS formerly concrete5 before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges...
CVE-2021-28145
Concrete CMS (formerly concrete5) before 8.5.5 is vulnerable to Cross-site Scripting via a crafted survey block when exploited by remote authenticated users with Editor privileges. The issue originates from the survey block handling in the CMS and is documented across multiple sources (NVD, Red H...