Description
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Authentication Vulnerability (CVE-2010-4481)
phpMyFAQ Improper Access Control Vulnerability (CVE-2023-1883)
Ruby Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-28965)
MySQL CVE-2016-0658 Vulnerability (CVE-2016-0658)
WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)