Concrete CMS (previously concrete5) prior to 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
concretecms concrete cms |