2 matches found
CVE-2023-28475
Concrete CMS previously concrete5 versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized...
CVE-2023-28475
Concrete CMS (formerly concrete5) is affected by a Reflected XSS in the Reply form due to msgID not being sanitized. Affected versions: 8.5.12 and earlier, and 9.0–9.1.3. Impact per sources: potential to inject/execute arbitrary script in the browser. Remediation: upgrade to 9.2+ (patch versions ...