GHSA-fgxj-g7x3-85cq

Опубликовано: 28 апр. 2023

Источник: github

Github: Прошло ревью

CVSS3: 2

Описание

Stored cross site scripting in RSS displayer

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-28820
https://github.com/concretecms/concretecms/releases
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Пакеты

Наименование

concrete5/concrete5

composer

Затронутые версииВерсия исправления

< 9.1.0

9.1.0

EPSS

Процентиль: 71%

0.00688

Низкий

2 Low

CVSS3

CVE ID

CVE-2023-28820

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-28820

CVSS3: 2

nvd

почти 3 года назад

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.

EPSS

Процентиль: 71%

0.00688

Низкий

2 Low

CVSS3

CVE ID

CVE-2023-28820

Дефекты

CWE-79