CVE-2022-43692
Description
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
References
PatchRelease NotesThird Party Advisory
Release NotesVendor Advisory
Release NotesVendor Advisory
Vendor Advisory
PatchRelease NotesThird Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics