GHSA-p4jj-gwpg-9jwh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p4jj-gwpg-9jwh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-p4jj-gwpg-9jwh/GHSA-p4jj-gwpg-9jwh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p4jj-gwpg-9jwh
- Aliases
- Published
- 2023-10-06T15:30:19Z
- Modified
- 2024-02-18T05:26:12.852210Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- ConcreteCMS Cross-site Scripting vulnerability
- Details
-
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
- Database specific
{ "nvd_published_at": "2023-10-06T13:15:12Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-06T18:41:21Z" }- References
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.2.2
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.99
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.0
9.0.1
9.0.2
9.1.0
9.1.1
9.1.2
9.1.3
9.2.0RC2
9.2.0
9.2.1