CVE-2021-40105
Concrete CMS up to version 8.5.5 is affected by a cross-site scripting (XSS) vulnerability via the Markdown Comments field. The root cause is improper sanitization/display handling in Markdown Comments, enabling an attacker to inject script through that field. Impact is described as XSS (no expli...