Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to cross-site scripting XSS attacks. The library does not sanitize several parameters in web/concrete/singlepages/dashboard/users/groups/bulkupdate.php and web/concrete/tools/dashboard/sitemapdragrequest.php, allowing a malicious user to inject and execute...

Cross-site Scripting (XSS)

concrete5 is vulnerable to cross-site scripting XSS attacks. The library fails to sanitize user input to bulkupdate.php and sitemapdragrequest.php, allowing a malicious user to inject and execute arbitrary script...