Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 up to and including 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
concretecms concrete cms |