GHSA-rg6w-c352-p8pg, CVE-2022-43692
packagist/concrete5/concrete5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
All versions before 8.5.10, all versions starting from 9.0.0 before 9.1.3
Upgrade to versions 8.5.10, 9.1.3 or above.
2022-11-22
source |