Description
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Alert And Twitter Multiple Vulnerabilities (3.1.5)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)
WordPress Plugin WP-Polls Cross-Site Scripting (2.60)
Vanilla Forums CVE-2013-3528 Vulnerability (CVE-2013-3528)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071)