CVE-2023-44764

Description

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.

Affected packages (1)

• Packagist/concrete5/concrete5from 0, <= 9.2.1

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-44764
• WEBhttps://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
• WEBhttps://github.com/concretecms/concretecms
• WEBhttps://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation