CVE-2022-43556
MEDIUM4.2EPSS 1.9%Concrete CMS vulnerable to cross-site scripting in the text input field
發布日:2022/12/6修改日:2023/11/8
描述
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.
受影響套件(1)
- Packagist/concrete5/concrete5from 0, < 8.5.10
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-43556
- PATCHhttps://github.com/concretecms/concretecms
- WEBhttps://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
- WEBhttps://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
- WEBhttps://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31