CVE-2022-43967: Concrete CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
XSS in the multilingual edit form is possible due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if a user does not use caution when inputting content in a different language. The update to 9.1.3 fixes this issue.
XSS in the multilingual report is possible due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if a user does not use caution when inputting content in a different language. The update to 9.1.3 fixes this issue.
Concrete CMS is vulnerable to Reflected XSS due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if a user does not use caution when inputting content in a different language. The update to 9.1.3 fixes this issue.
In Concrete 5.6 and below, if a user is editing a page that is shared with non-English characters, then an XSS vulnerability can be exploited. The update to 5.6.10 fixes this.
Concrete CMS is vulnerable to XSS due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if a user does not use caution when inputting content in a different language. The update to 5.6.10 fixes this.
Concrete CMS is vulnerable to CSRF due to Reflected XSS in the multilingual edit form
Concrete CMS is vulnerable to CSRF due to the lack of CSRF protection on the admin panel. This could allow for CSRF attacks if a user does not use caution when inputting data on the admin panel. The update to 5.6.10 fixes this.
Timeline
Published on: 11/14/2022 22:15:00 UTC
Last modified on: 11/17/2022 22:01:00 UTC
References
- https://github.com/concretecms/concretecms/releases/8.5.10
- https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
- https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
- https://github.com/concretecms/concretecms/releases/9.1.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43967