CVE-2023-28474: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 28, 2023 (updated May 1, 2023)

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.

References

concretecms.com/
github.com/advisories/GHSA-2j26-j953-2rph
nvd.nist.gov/vuln/detail/CVE-2023-28474
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Detect and mitigate CVE-2023-28474 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →