Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
References
Configurations
History
21 Nov 2024, 07:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://concretecms.com - Product | |
References | () https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release - | |
References | () https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory |
06 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | |
References |
|
05 May 2023, 14:25
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
References | (MISC) https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory | |
References | (MISC) https://concretecms.com - Product |
28 Apr 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-28 14:15
Updated : 2024-11-21 07:55
NVD link : CVE-2023-28475
Mitre link : CVE-2023-28475
CVE.ORG link : CVE-2023-28475
JSON object : View
Products Affected
concretecms
- concrete_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')