PT-2023-21987 · Unknown · Concrete Cms
Solov9Ev
·
Published
2023-04-28
·
Updated
2023-12-06
·
CVE-2023-28819
CVSS v3.1
3.5
Low
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Concrete CMS (previously concrete5) versions 8.5.12 and below
Concrete CMS (previously concrete5) versions 9.0.0 through 9.0.2
Description
The issue is related to Stored XSS in uploaded file and folder names.
Recommendations
For Concrete CMS (previously concrete5) versions 8.5.12 and below, update to version 9.1 or later.
For Concrete CMS (previously concrete5) versions 9.0.0 through 9.0.2, update to version 9.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Concrete Cms