Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-8699-h45g-7hm8

Опубликовано: 06 июл. 2023
Источник: github
Github: Прошло ревью
CVSS3: 4.8

Описание

Concrete CMS Cross-site Scripting vulnerability

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

Ссылки

Пакеты

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

< 8.5.10

8.5.10

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

>= 9.0.0, < 9.1.3

9.1.3

EPSS

Процентиль: 66%
0.00524
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-43695

Дефекты

CWE-77
CWE-79

Связанные уязвимости

nvd логотип

CVE-2022-43695

CVSS3: 4.8
nvd
около 3 лет назад

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

EPSS

Процентиль: 66%
0.00524
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-43695

Дефекты

CWE-77
CWE-79