exploitDog

CVE-2023-44764

Опубликовано: 06 окт. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).

Ссылки

https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation
Exploit
Third Party Advisory
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00214

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j6h5-ggv2-3rfv

CVSS3: 5.4

github

больше 2 лет назад

ConcreteCMS Cross-site Scripting vulnerability

EPSS

Процентиль: 44%

0.00214

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79