Описание
Concrete CMS Cross-site Scripting via Survey Blocks
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct Cross-site Scripting (XSS) attacks via a crafted survey block. This requires at least Editor privileges.
Пакеты
Наименование
concrete5/concrete5
composer
Затронутые версииВерсия исправления
< 8.5.5
8.5.5
Связанные уязвимости
CVSS3: 5.4
nvd
почти 5 лет назад
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.