Description
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2804 Vulnerability (CVE-2020-2804)
WordPress Plugin Slimstat Analytics SQL Injection (3.9.5)
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
WordPress Plugin Edit Author Slug Cross-Site Scripting (1.0.5.1)
WordPress Plugin Parcel Tracker eCourier Cross-Site Request Forgery (1.0.1)