concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-3989 - Vulnerability Database

concrete5

concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-3989

Medium

Reference: CVE-2015-3989

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3989

Title: concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.