Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
References
Configurations
History
21 Nov 2024, 07:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://concretecms.com - Product | |
References | () https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release - | |
References | () https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory |
06 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | |
References |
|
05 May 2023, 14:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory | |
References | (MISC) https://concretecms.com - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other |
28 Apr 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-28 14:15
Updated : 2024-11-21 07:55
NVD link : CVE-2023-28472
Mitre link : CVE-2023-28472
CVE.ORG link : CVE-2023-28472
JSON object : View
Products Affected
concretecms
- concrete_cms
CWE