2 matches found
CVE-2022-43688
Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting XSS in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
CVE-2022-43688
CVE-2022-43688 affects Concrete CMS (concrete5) versions prior to 8.5.10 and 9.0.0–9.1.2. The issue is a Stored Cross-Site Scripting (XSS) in icons caused by the Microsoft application tile color not being sanitized. Impact is Limited/Low (per CVSS) with potential for code execution in browsers un...