Description

Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.

Remediation

References

CVE-2018-19146

Related Vulnerabilities

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (3.3.2)

PHP Use After Free Vulnerability (CVE-2015-1351)

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-0169)

Apache 2.x version older than 2.0.46

Severity

Medium

Classification

CVE-2018-19146 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities