exploitDog

CVE-2023-49337

Опубликовано: 29 фев. 2024

Источник: nvd

CVSS3: 2.4

CVSS3: 4.8

EPSS Низкий

Описание

Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)

Ссылки

https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f
Patch
https://hackerone.com/reports/2232594
Permissions Required
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
Vendor Advisory
https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f
Patch
https://hackerone.com/reports/2232594
Permissions Required
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

Версия от 9.0.0 (включая) до 9.2.3 (исключая)

EPSS

Процентиль: 63%

0.00457

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9xxv-q6pp-96wq

CVSS3: 2.4

github

почти 2 года назад

Concrete CMS Stored XSS

EPSS

Процентиль: 63%

0.00457

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79