Количество 2
Количество 2
CVE-2023-44766
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature.
GHSA-437p-jfm4-2387
ConcreteCMS Cross-site Scripting vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-44766 A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | CVSS3: 4.8 | 0% Низкий | больше 2 лет назад |
| GHSA-437p-jfm4-2387 ConcreteCMS Cross-site Scripting vulnerability | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу