Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
References
Configurations
History
06 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | |
References |
|
05 May 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 - Vendor Advisory | |
References | (MISC) https://concretecms.com - Product |
28 Apr 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-28 14:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-28477
Mitre link : CVE-2023-28477
CVE.ORG link : CVE-2023-28477
JSON object : View
Products Affected
concretecms
- concrete_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')