Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
References
Configurations
History
21 Nov 2024, 07:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://concretecms.com - Product | |
References | () https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release - | |
References | () https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
06 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. |
05 May 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory | |
References | (MISC) https://concretecms.com - Product |
28 Apr 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-28 14:15
Updated : 2024-11-21 07:55
NVD link : CVE-2023-28477
Mitre link : CVE-2023-28477
CVE.ORG link : CVE-2023-28477
JSON object : View
Products Affected
concretecms
- concrete_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')