Description
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wordspew 'id' Parameter SQL Injection (1.16)
WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)
WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.19.0)
WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.5.3)
WordPress Plugin E-Search Multiple Cross-Site Scripting Vulnerabilities (1.0)