GHSA-xfmj-r86m-j2hr

Опубликовано: 28 апр. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Stored cross site scripting on API integration

Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-28477
https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c
https://concretecms.com
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Пакеты

Наименование

concrete5/concrete5

composer

Затронутые версииВерсия исправления

< 9.2.0

9.2.0

EPSS

Процентиль: 76%

0.00962

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2023-28477

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-28477

CVSS3: 5.5

nvd

почти 3 года назад

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.

EPSS

Процентиль: 76%

0.00962

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2023-28477

Дефекты

CWE-79