GHSA-474f-mcjv-pgrm

Source

https://github.com/advisories/GHSA-474f-mcjv-pgrm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-474f-mcjv-pgrm/GHSA-474f-mcjv-pgrm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-474f-mcjv-pgrm

Aliases

CVE-2023-28819

Published

2023-04-28T15:30:19Z

Modified

2024-02-16T08:18:42.204857Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names

Details

Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names.

Database specific

{
    "github_reviewed_at": "2023-05-01T13:54:07Z",
    "github_reviewed": true,
    "severity": "LOW",
    "nvd_published_at": "2023-04-28T14:15:10Z",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Packagist / concrete5/concrete5

Package

Name: concrete5/concrete5
Purl: pkg:composer/concrete5/concrete5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.0

Affected versions

8.*

8.0

8.0.1

8.0.2

8.0.3

8.1.0

8.2.0RC2

8.2.0

8.2.1

8.3.0

8.3.1

8.3.2

8.4.0RC3

8.4.0RC4

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.5.0RC1

8.5.0RC2

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6RC1

8.5.6

8.5.7

8.5.8

8.5.9

8.5.10

8.5.11

8.5.12

8.5.13

8.5.14

8.5.15

8.5.99

9.*

9.0.0RC1

9.0.0RC3

9.0.0RC4

9.0.0

9.0.1

9.0.2