CVE-2023-28477: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 28, 2023 (updated May 1, 2023)

Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter.

References

concretecms.com/
github.com/advisories/GHSA-xfmj-r86m-j2hr
nvd.nist.gov/vuln/detail/CVE-2023-28477
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Detect and mitigate CVE-2023-28477 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →