Portlandlabs Concrete5 is an open source content management system (CMS) from PortlandLabs, Inc. A cross-site scripting vulnerability exists in Portlandlabs Concrete5 crete5-legacy 5.6.4.0 and prior versions, which can be exploited by remote attackers to inject arbitrary Web script or HTML via the “ctID” parameter to inject arbitrary web script or HTML.
CPE | Name | Operator | Version |
---|---|---|---|
PortlandLabs Concrete5 crete5-legacy <= 5. | eq | 6.4.0 |