Lucene search
Veracode Vulnerability DatabaseVERACODE:40630HistoryMay 22, 2023 - 9:29 a.m.
Cross-site Scripting (XSS)
2023-05-2209:29:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
concrete5
vulnerability
cross-site scripting
sanitization
presets
search
attacker
javascript
0.001 Low
EPSS
Percentile
42.3%
concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in due to lack of sanitization when saving presets on search which allows an attacker to inject and execute arbitrary javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete5/concrete5 | le | 9.1.3 | |
| concrete5/concrete5 | le | 9.1.3 |
References
concretecms.com
github.com/advisories/GHSA-2j26-j953-2rph
github.com/concretecms/concretecms/commit/225c84950983c8c6427bc7a3a9515d8f761b4c9a
github.com/concretecms/concretecms/pull/10996
github.com/concretecms/concretecms/releases/tag/9.2.0
www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
Related
cve
cve
CVE-2023-28474
2023-04-28 14:15:10
prion
prion
Design/Logic Flaw
2023-04-28 14:15:00
github
github
Stored cross site scripting on saved presets
2023-04-28 15:30:18
cvelist
cvelist
CVE-2023-28474
2023-04-28 00:00:00
nvd
nvd
CVE-2023-28474
2023-04-28 14:15:10
osv
osv
Stored cross site scripting on saved presets
2023-04-28 15:30:18