3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
concrete5/concrete5 is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient validation of administrator provided data in the Advanced File Search Filter, allowing rogue administrators to add malicious code in the file manager.
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/concrete5 | le | 8.5.15 | |
concrete5/concrete5 | le | 9.2.7 | |
concrete5/concrete5 | le | 8.5.15 | |
concrete5/concrete5 | le | 9.2.7 |
documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
github.com/advisories/GHSA-xwrh-qxmc-x8c8
github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%