Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-9jc5-9wh5-mc36

Опубликовано: 15 нояб. 2022
Источник: github
Github: Прошло ревью
CVSS3: 4.8

Описание

Concrete CMS vulnerable to Cross-site Scripting

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

Ссылки

Пакеты

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

< 8.5.10

8.5.10

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

>= 9.0.0, < 9.1.3

9.1.3

EPSS

Процентиль: 65%
0.00481
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-43688

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2022-43688

CVSS3: 4.8
nvd
около 3 лет назад

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

EPSS

Процентиль: 65%
0.00481
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-43688

Дефекты

CWE-79