Reflected XSS Vulnerability in Concrete CMS Reply Form

CVE-2023-28475 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3, are vulnerable to reflected XSS on the Reply form because msgID was not sanitized.
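
The class of fix this advisory describes, as an added example that is not Concrete CMS code: validate the request parameter before it reaches the reply form, and encode it again where it is written into HTML. The function names are hypothetical, and the example assumes msgID is a positive integer message identifier (requires PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from the Concrete CMS code base.
// Assumption: msgID identifies a message by a positive integer.

/** Return the validated message ID, or null when the input is not a positive integer. */
function parseMsgId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (msgID[]=...) and other types are rejected outright
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the reply form's hidden field, or null if the request must be rejected. */
function renderReplyField(mixed $rawMsgId): ?string
{
    $msgId = parseMsgId($rawMsgId);
    if ($msgId === null) {
        return null; // caller answers with HTTP 400 instead of reflecting the input
    }
    // Encode at the output sink too, so the field stays safe if validation is later relaxed.
    return '<input type="hidden" name="msgID" value="' . attr((string) $msgId) . '">';
}

// Constructed sample inputs, not taken from the advisory.
$samples = ['42', '0', '42"><b>x</b>', ['42']];
foreach ($samples as $sample) {
    $html = renderReplyField($sample);
    echo json_encode($sample), ' => ', $html ?? 'rejected (HTTP 400)', PHP_EOL;
}
```

Only the first sample produces a form field; the other three are rejected before any of the request value is written into the response.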