Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1

Disclosed: 2016-06-26 18:28:25 By egix To concretecms

Unknown

Vulnerability Details

Concrete5 is vulnerable to some stored Cross Site Scripting (XSS) attacks because certain user input is being used within the output it generates without validating or encoding it.

Actions

View on HackerOne

Report Stats

Report ID: 59662
State: Closed
Substate: resolved
Upvotes: 3

Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1

Vulnerability Details

Actions

Report Stats

Share this report