Headline

GHSA-p4jj-gwpg-9jwh: ConcreteCMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.

12 months ago

ghsa

Open in Source

#xss #vulnerability #git

ConcreteCMS Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Oct 6, 2023 to the GitHub Advisory Database • Updated Oct 6, 2023

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

10 months ago

CVE

Open in Source

#xss #vulnerability #java #auth

CVE-2023-44761: GitHub - sromanhu/ConcreteCMS-Stored-XSS---Forms: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the Form of the Da

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.

12 months ago

CVE

Open in Source

#xss #vulnerability #web #git #java #auth