Concrete5 Security Advisory – Multiple XSS Vulnerabilities – CVE-2015-2250

Posted by Onur Yilmaz on May 13

Information
——————–
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in Concrete5
Affected Software : Concrete5
Affected Versions: 5.7.3.1 and possibly below
Vendor Homepage : https://www.concrete5.org
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2015-2250
Netsparker Advisory Reference : NS-15-008

Description
——————–
By exploiting a Cross-site scripting vulnerability the attacker…

Leave a Reply