CVE-2023-28471: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 28, 2023 (updated May 1, 2023)

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.

References

concretecms.com/
github.com/advisories/GHSA-9h33-5fxw-r2xv
nvd.nist.gov/vuln/detail/CVE-2023-28471
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Detect and mitigate CVE-2023-28471 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →