CVE-2022-43694

2022-11-1400:00:00

mitre

www.cve.org

concrete cms

reflected xss

image manipulation

0.001 Low

EPSS

Percentile

44.9%

JSON

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.

References

documentation.concretecms.org/developers/introduction/version-history/8510-release-notes

documentation.concretecms.org/developers/introduction/version-history/913-release-notes

github.com/concretecms/concretecms/releases/8.5.10

github.com/concretecms/concretecms/releases/9.1.3

www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31

0.001 Low

EPSS

Percentile

44.9%

JSON

Related for CVELIST:CVE-2022-43694