concrete5/concrete5 is vulnerable to cross-site scripting attacks. The library does not sanitize imported SVG files, allowing a malicious user to inject and execute arbitrary web script into a victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/concrete5 | le | 8.4.5 |