Description Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Remediation References CVE-2020-14961 Related Vulnerabilities WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.5.7) Internet Information Services Other Vulnerability (CVE-1999-1035) WordPress Plugin Titan Framework Cross-Site Scripting (1.12.1) WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3) Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24) Severity Medium Classification CVE-2020-14961 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities