Lucene search
PRIOn knowledge basePRION:CVE-2023-44766HistoryOct 06, 2023 - 1:15 p.m.
Cross site scripting
2023-10-0613:15:00
PRIOn knowledge base
www.prio-n.com
8
cross site scripting
concrete cms
version 9.2.1
arbitrary code execution
seo - extra
security vulnerability
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete_cms | eq | 9.2.1 |
Related
cve
cve
CVE-2023-44766
2023-10-06 13:15:12
cnvd
cnvd
github
github
ConcreteCMS Cross-site Scripting vulnerability
2023-10-06 15:30:20
veracode
veracode
Cross Site Scripting
2023-10-10 15:09:45
cvelist
cvelist
CVE-2023-44766
2023-10-06 00:00:00
nvd
nvd
CVE-2023-44766
2023-10-06 13:15:12
osv
osv
Concrete CMS Cross-site Scripting vulnerability
2023-10-24 00:31:07
ConcreteCMS Cross-site Scripting vulnerability
2023-10-06 15:30:20