CVE-2023-28820

CVSS 2 LOWEPSS 0.4%CWE-79

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.

CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/concretecms/concretecms/releases https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20