CVE-2023-28472

Description

Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.

Affected packages (1)

• Packagist/concrete5/concrete5from 0, < 9.2.0

CVSS scores

References (7)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-28472
• PATCHhttps://github.com/concretecms/concretecms
• WEBhttps://concretecms.com
• WEBhttps://github.com/concretecms/concretecms/pull/11749
• WEBhttps://github.com/concretecms/concretecms/releases/tag/8.5.13
• WEBhttps://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
• WEBhttps://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20