CVE-2023-28475

CVE-2023-28475

EPSS 0.6%

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://concretecms.com https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20