Concrete CMS is vulnerable to cross site scripting. The vulnerability exists because the Microsoft application tile color is not sanitized in header_required.php
, which allows remote attackers to inject and execute malicious code on the victim’s browser.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/advisories/GHSA-9jc5-9wh5-mc36
github.com/concretecms/concretecms-core/commit/0ebb32a34abfeef6956c19dd9a53062bb5059936
github.com/concretecms/concretecms-core/commit/966fe7e3567ba3c25b25a7aad066512de5d08035
github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7
github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31