Lucene search
HackeroneCVELIST:CVE-2022-43556HistoryDec 05, 2022 - 12:00 a.m.
CVE-2022-43556
2022-12-0500:00:00
CWE-79
hackerone
www.cve.org
concrete cms
xss
input field
vulnerability
security team
cvss v3.1
update
0.001 Low
EPSS
Percentile
35.9%
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @akbar_jafarli for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/concretecms/concretecms",
"versions": [
{
"version": "Fixed in Concrete CMS 8.5.10 and Concrete CMS 9.1.3",
"status": "affected"
}
]
}
]Related
veracode
veracode
Cross-Site Scripting (XSS)
2022-12-06 06:09:35
prion
prion
Design/Logic Flaw
2022-12-05 22:15:00
cve
cve
CVE-2022-43556
2022-12-05 22:15:11
osv
osv
Concrete CMS vulnerable to cross-site scripting in the text input field
2022-12-06 00:30:16
CVE-2022-43556
2022-12-05 22:15:11
github
github
Concrete CMS vulnerable to cross-site scripting in the text input field
2022-12-06 00:30:16
nvd
nvd
CVE-2022-43556
2022-12-05 22:15:11