CVE-2022-43692

🗓️ 14 Nov 2022 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 65 Views

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+

Reporter	Title	Published	Views	Family All 11
CNNVD	PortlandLabs Concrete CMS 跨站脚本漏洞	14 Nov 202200:00	–	cnnvd
Cvelist	CVE-2022-43692	14 Nov 202200:00	–	cvelist
EUVD	EUVD-2022-7424	3 Oct 202520:07	–	euvd
Github Security Blog	Concrete CMS vulnerable to Reflected Cross-site Scripting	15 Nov 202212:00	–	github
NVD	CVE-2022-43692	14 Nov 202219:15	–	nvd
OSV	GHSA-RG6W-C352-P8PG Concrete CMS vulnerable to Reflected Cross-site Scripting	15 Nov 202212:00	–	osv
Prion	Cross site scripting	14 Nov 202219:15	–	prion
Positive Technologies	PT-2022-27008 · Unknown · Concrete Cms	14 Nov 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-43692	23 May 202501:24	–	redhatcve
Veracode	Cross-Site Scripting (XSS)	15 Nov 202207:06	–	veracode

NVD

Node

concretecms concrete_cmsRange<8.5.10

concretecms concrete_cmsRange9.0.0–9.1.2

Source	Link
documentation	www.documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
github	www.github.com/concretecms/concretecms/releases/8.5.10
documentation	www.documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github	www.github.com/concretecms/concretecms/releases/9.1.3
concretecms	www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31

30 Apr 2025 16:15Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.1

EPSS0.00656

SSVC

CWE-79