PT-2023-30871 · Unknown · Concrete Cms
Silvereniqmain
Published: 2023-12-25 · Updated: 2024-12-16
CVE-2023-48650
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Concrete CMS versions 8.5.13 and earlier
Concrete CMS versions 9.0.0 through 9.2.2
Description
The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system.
Recommendations
For Concrete CMS versions 8.5.13 and earlier, update to version 8.5.14 or later.
For Concrete CMS versions 9.0.0 through 9.2.2, update to version 9.2.3 or later.
Fix
XSS
Affected Products
Concrete Cms