Veracode Vulnerability DatabaseVERACODE:46196Cross Site Scripting
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
concrete5/concrete5 is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient validation of administrator provided data in the Advanced File Search Filter, allowing rogue administrators to add malicious code in the file manager.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete5/concrete5 | le | 8.5.15 | |
| concrete5/concrete5 | le | 9.2.7 | |
| concrete5/concrete5 | le | 8.5.15 | |
| concrete5/concrete5 | le | 9.2.7 |
References
documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
github.com/advisories/GHSA-xwrh-qxmc-x8c8
github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
Related
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%