CVE-2023-28820

CVSS 2 LOWEPSS 0.4%CWE-79

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.

CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/concretecms/concretecms/releases https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20