Description
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtering of user-supplied data in the disable_choose parameter passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
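To check whether this parameter has been probed on a deployed site, the following Python script (an added example, not part of the advisory or of concrete5) scans web server access logs for requests to search_dialog.php whose disable_choose value does not look like a plain flag. The combined log format, the allowlist pattern for legitimate values, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path suffix and parameter name are taken from the advisory text.
TARGET_SUFFIX = "/tools/files/search_dialog.php"
PARAM = "disable_choose"
# Assumption: legitimate values are short flags such as "1"; anything else is reported.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,16}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_values(log_line):
    """Return the disable_choose values in one log line that fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Decode and lowercase the path so encoded or mixed-case variants still match.
    if not unquote(url.path).lower().endswith(TARGET_SUFFIX):
        return []
    # parse_qs percent-decodes once; a double-encoded value keeps its '%'
    # characters and therefore also fails the allowlist.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not SAFE_VALUE.fullmatch(v)]

def scan(lines):
    """Return (line_number, decoded_value) pairs for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend((n, v) for v in suspicious_values(line))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2017:10:00:00 +0000] "GET /concrete/tools/files/search_dialog.php?disable_choose=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2017:10:00:05 +0000] "GET /concrete/tools/files/search_dialog.php?disable_choose=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2017:10:00:07 +0000] "GET /concrete/tools/files/search_dialog.php?disable_choose=%253Cb%253E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2017:10:00:09 +0000] "GET /index.php?disable_choose=%3Cb%3E HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: unexpected {PARAM} value {value!r}")
```

A flagged line shows only that an unexpected value was sent to the endpoint; whether it was reflected depends on the installed concrete5 version.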