Description
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
Remediation
References
Related Vulnerabilities
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2022-47927)
WordPress Plugin Dharma booking Local/Remote File Inclusion (2.38.3)
WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0)
WordPress Plugin Email Verification for WooCommerce Unspecified Vulnerability (1.8.1)