GHSA-4qv6-37xq-mgq2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4qv6-37xq-mgq2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-4qv6-37xq-mgq2/GHSA-4qv6-37xq-mgq2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4qv6-37xq-mgq2
- Aliases
- Published
- 2023-10-24T00:31:07Z
- Modified
- 2024-02-16T08:06:44.007821Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Concrete CMS Cross-site Scripting vulnerability
- Details
-
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.
- Database specific
{ "nvd_published_at": "2023-10-23T22:15:09Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-24T19:21:31Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-44760
- https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1
- https://github.com/concretecms/concretecms
- https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes
- https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected9.2.1
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.99
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.0
9.0.1
9.0.2
9.1.0
9.1.1
9.1.2
9.1.3
9.2.0RC2
9.2.0
9.2.1