Unrated severityNVD Advisory· Published Jun 17, 2019· Updated Aug 5, 2024
CVE-2018-19146
CVE-2018-19146
Description
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Concrete5/Concrete5description
Patches
Vulnerability mechanics
References
4- hackerone.com/concrete5mitrex_refsource_MISC
- hackerone.com/reports/437863mitrex_refsource_MISC
- www.concrete5.orgmitrex_refsource_MISC
- www.w3.org/TR/SVG2/intro.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.