CVE-2023-44763

Description

Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS).

Affected packages (1)

• Packagist/concrete5/concrete5from 0, <= 9.2.1

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-44763
• PATCHhttps://github.com/concretecms/concretecms
• WEBhttps://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail
• WEBhttps://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types
• WEBhttps://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763