GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

GHSA-ffcv-v6pw-qhrp: Denial of Service in TYPO3 Bookmark Toolbar

GHSA-9cp9-8gw2-8v7m: Adguard Home arbitrary file read vulnerability

Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. 


**Concrete CMS vulnerable to stored XSS via the Role Name field**

Low severity GitHub Reviewed Published Feb 9, 2024 to the GitHub Advisory Database • Updated Feb 9, 2024

Headline

GHSA-q25h-jch8-gfrp: Concrete CMS vulnerable to stored XSS via the Role Name field

ghsa: Latest News