GHSA-pcrh-gj77-j4mwLow
Concrete CMS is vulnerable to Stored XSS via external-link page cvName
🔗 CVE IDs covered (1)
📋 Description
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized.
🎯 Affected products1
- composer/concrete5/concrete5:< 9.5.1