concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of sanitization when saving presets on search, which allows an attacker to inject and execute arbitrary JavaScript.

CPE

Name | Operator | Version |
---|---|---|
concrete5/concrete5 | le | 9.1.3 |

concretecms.com
github.com/advisories/GHSA-2j26-j953-2rph
github.com/concretecms/concretecms/commit/225c84950983c8c6427bc7a3a9515d8f761b4c9a
github.com/concretecms/concretecms/pull/10996
github.com/concretecms/concretecms/releases/tag/9.2.0
www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20