Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-28T00:00:00
Updated: 2023-12-06T08:19:40.327099
Reserved: 2023-03-15T00:00:00
Link: CVE-2023-28475
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-28T14:15:10.523
Modified: 2023-12-06T09:15:07.690
Link: CVE-2023-28475
JSON object: View
Redhat Information
No data.
CWE