Описание
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.1.0 (исключая)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02042
Низкий
3.5 Low
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 3.5
github
почти 3 года назад
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
EPSS
Процентиль: 83%
0.02042
Низкий
3.5 Low
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79