Lucene search

PRIOn knowledge basePRION:CVE-2023-28472

HistoryApr 28, 2023 - 2:15 p.m.

Code injection

2023-04-2814:15:00

PRIOn knowledge base

www.prio-n.com

code injection

concrete cms

security attribute

http only

ccmpoll cookies

nvd

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.

CPENameOperatorVersion
concrete_cmslt9.2.0

CPE	Name	Operator	Version
	concrete_cms	lt	9.2.0

References

concretecms.com

www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release

www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20