Re: [FD] Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250

2015-05-13 Thread Scott Arciszewski
> Advisory Timeline
>
> 05/03/2015 - First Contact
> 06/05/2015 - Vulnerability fixed
> 11/05/2015 - Advisory released

I'm honestly surprised it took their team two months to fix this. I've previously reported issues via HackerOne and they were on it within a day. If anyo

[FD] Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250

2015-05-13 Thread Onur Yilmaz
Information
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in Concrete5
Affected Software : Concrete5
Affected Versions: 5.7.3.1 and possibly below
Vendor Homepage : https://www.concrete5.org
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE