A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Concretecms
  • Concrete Cms

Configuration 1 [-]

cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*
References
Link Resource
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-06T00:00:00

Updated: 2024-02-02T05:07:49.489627

Reserved: 2023-10-02T00:00:00

Link: CVE-2023-44764

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-10-06T13:15:12.863

Modified: 2024-02-02T06:15:45.043

Link: CVE-2023-44764

JSON object: View

cve-icon Redhat Information

No data.

CWE