Lucene search

Veracode Vulnerability DatabaseVERACODE:38010

HistoryNov 16, 2022 - 3:06 a.m.

Cross-site Scripting (XSS)

2022-11-1603:06:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

concrete cms

cross-site scripting

vulnerability

xss

sanitization

javascript

attack

EPSS

0.001

Percentile

50.6%

JSON

Concrete CMS is vulnerable to cross-site scripting.The vulnerability exists in add.php due to a lack of sanitization of the entity name, which allows an attacker to inject and execute malicious JavaScript.

References

documentation.concretecms.org/developers/introduction/version-history/8510-release-notes

documentation.concretecms.org/developers/introduction/version-history/913-release-notes

github.com/concretecms/concretecms-core/commit/60c8ee4c3b1133b729696d210e523f279f9de33a

github.com/concretecms/concretecms-core/commit/d8f8128873c19ec915e394c7e1a3d49c4625c0e8

github.com/concretecms/concretecms/commit/46129ada9b00e5f7eebc4c6c46aba8bfdbee0ad5

github.com/concretecms/concretecms/commit/4fc7d1c72b8c8a622cc3d140390c7209f8af57ec

github.com/concretecms/concretecms/pull/10997

github.com/concretecms/concretecms/releases/8.5.10

github.com/concretecms/concretecms/releases/9.1.3

www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31

EPSS

0.001

Percentile

50.6%

JSON

Related for VERACODE:38010