Lucene search
China National Vulnerability DatabaseCNVD-2022-54305HistoryJun 28, 2022 - 12:00 a.m.
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2022-54305)
2022-06-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
0.001 Low
EPSS
Percentile
36.9%
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates in /dashboard/blocks/stacks/view_ details. The vulnerability stems from the lack of data validation filtering of user-supplied data and output in details, which can be exploited by attackers to execute JavaScript code on the client side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Portland Labs Concrete CMS | le | 8.5.7 | |
| Portland Labs Concrete CMS >=9.0.0, | le | 9.0.2 |
Related
cve
cve
CVE-2022-30120
2022-06-24 15:15:11
cvelist
cvelist
CVE-2022-30120
2022-06-24 15:00:06
github
github
Cross site scripting in Concrete CMS
2022-06-25 00:00:54
veracode
veracode
Cross-site Scripting (XSS)
2022-06-27 06:39:14
osv
osv
Cross site scripting in Concrete CMS
2022-06-25 00:00:54
prion
prion
Design/Logic Flaw
2022-06-24 15:15:00
nvd
nvd
CVE-2022-30120
2022-06-24 15:15:11