Lucene search
PRIOn knowledge basePRION:CVE-2022-43556HistoryDec 05, 2022 - 10:15 p.m.
Design/Logic Flaw
2022-12-0522:15:00
PRIOn knowledge base
www.prio-n.com
5
concrete cms
xss vulnerability
update
security flaw
0.001 Low
EPSS
Percentile
35.9%
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @akbar_jafarli for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete_cms | lt | 8.5.10 | |
| concrete_cms | ge | 9.0.0 | |
| concrete_cms | le | 9.1.2 |
Related
veracode
veracode
Cross-Site Scripting (XSS)
2022-12-06 06:09:35
osv
osv
CVE-2022-43556
2022-12-05 22:15:11
Concrete CMS vulnerable to cross-site scripting in the text input field
2022-12-06 00:30:16
cve
cve
CVE-2022-43556
2022-12-05 22:15:11
github
github
Concrete CMS vulnerable to cross-site scripting in the text input field
2022-12-06 00:30:16
cvelist
cvelist
CVE-2022-43556
2022-12-05 00:00:00
nvd
nvd
CVE-2022-43556
2022-12-05 22:15:11