GHSA-vcpr-hm2m-gjjj

Опубликовано: 28 апр. 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Reflected cross site scripting

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-28475
https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0
https://concretecms.com
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Пакеты

Наименование

concrete5/concrete5

composer

Затронутые версииВерсия исправления

< 9.2.0

9.2.0

EPSS

Процентиль: 80%

0.01329

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2023-28475

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-28475

CVSS3: 6.1

nvd

почти 3 года назад

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.

EPSS

Процентиль: 80%

0.01329

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2023-28475

Дефекты

CWE-79