CVE-2021-41461

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/concrete5/concrete5

Identifier

CVE-2021-41461

Package Slug

packagist/concrete5/concrete5

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

Affected Versions

All versions up to 5.6.4.0

Solution

Upgrade to version 8.0 or above.

Last Modified

2021-10-10

source