PT-2023-30871 · Unknown · Concrete Cms
Silvereniqmain
Published: 2023-12-25 · Updated: 2024-12-16
CVE-2023-48650
CVSS v3.1: 4.8 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Concrete CMS versions 8.5.13 and earlier
Concrete CMS versions 9.0.0 through 9.2.2
Description
The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system.
Recommendations
For Concrete CMS versions 8.5.13 and earlier, update to version 8.5.14 or later.
For Concrete CMS versions 9.0.0 through 9.2.2, update to version 9.2.3 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Concrete Cms