CVE-2021-41464

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/concrete5/concrete5

Identifier

CVE-2021-41464

Package Slug

packagist/concrete5/concrete5

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the rel parameter.

Affected Versions

All versions up to 5.6.4.0

Solution

Upgrade to version 8.0 or above.

Last Modified

2021-10-10

source