Description
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
Remediation
References
Related Vulnerabilities
Django Resource Management Errors Vulnerability (CVE-2011-4137)
WordPress Plugin WooCommerce Upload My File Cross-Site Request Forgery (0.3.9)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
WordPress Plugin WP-Lister Lite for Amazon Cross-Site Scripting (2.4.3)