Описание
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28819
- https://github.com/concretecms/concretecms/pull/11749
- https://github.com/concretecms/concretecms/releases
- https://github.com/concretecms/concretecms/releases/tag/8.5.13
- https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
- https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
Пакеты
Наименование
concrete5/concrete5
composer
Затронутые версииВерсия исправления
< 9.1.0
9.1.0
Связанные уязвимости
CVSS3: 3.5
nvd
почти 3 года назад
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.