CVE

CVE-2023-28475

CVE-2023-28475

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.

Source: CVE-2023-28475

Exit mobile version