PT-2023-21987 · Unknown · Concrete Cms
Solov9Ev
·
Publicado
2023-04-28
·
Atualizado
2023-12-06
·
CVE-2023-28819
CVSS v3.1
3.5
Baixa
| Vetor | AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Concrete CMS (previously concrete5) versions 8.5.12 and below
Concrete CMS (previously concrete5) versions 9.0.0 through 9.0.2
Description
The issue is related to Stored XSS in uploaded file and folder names.
Recommendations
For Concrete CMS (previously concrete5) versions 8.5.12 and below, update to version 9.1 or later.
For Concrete CMS (previously concrete5) versions 9.0.0 through 9.0.2, update to version 9.1 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Concrete Cms