Concrete CMS: Stored XSS in RSS Feeds Title (Concrete5 v8.1.0)
Summary / Description: The RSS Feeds Title pfTitle= parameter does not correctly sanitize user input. This allows HTML & Javascript to be stored and executed any time someone visits /index.php/dashboard/pages/feeds Steps to Reproduce 1. Open up Firefox 2. Login /index.php/login 3. Visit...