First published: Fri Jun 24 2022
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Concrete CMS (concretecms) | <8.5.8 | Upgrade to 8.5.8 or later |
Concrete CMS (concretecms) | >=9.0.0 <9.1.0 | Upgrade to 9.1.0 or later |
CVE-2022-30120 is rated medium severity, with a CVSS score of 6.1.
Affected versions are Concrete CMS 8.5.7 and below, and 9.0.0 through 9.0.2.
The flaw is a cross-site scripting issue caused by insufficient sanitization of URLs that the CMS writes back into its output: an attacker who can influence one of those URLs can inject markup into the rendered page. Because the payload arrives in the request and is echoed back, browsers with built-in XSS filtering block it, so exploitation requires an older browser with that protection disabled.
To fix CVE-2022-30120, upgrade to Concrete CMS 8.5.8 or later on the 8.5 branch, or to 9.1.0 or later on the 9.x branch.
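As an added illustration (not Concrete CMS code, and not the code from the HackerOne report), the following PHP shows the general pattern behind "insufficient sanitization of an outputted URL": a request-supplied URL written straight into an `href` attribute, beside a hardened version that checks the scheme and then encodes for the attribute context. The function names and sample inputs are invented for this example.

```php
<?php
// Added illustration, not Concrete CMS code: what writing an unsanitized URL
// into an attribute looks like, and the hardened equivalent. Function names
// and sample inputs are invented for this example.

// Vulnerable: a request-supplied URL written straight into an href attribute.
function render_link_unsafe(string $url): string
{
    return '<a href="' . $url . '">back</a>';
}

// Allow only http(s) absolute URLs or same-origin absolute paths; anything
// else (javascript:, data:, scheme-relative //host) falls back to $fallback.
function safe_url(string $url, string $fallback = '/'): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === null || $scheme === false) {
        $isPath = substr($url, 0, 1) === '/' && substr($url, 0, 2) !== '//';
        return $isPath ? $url : $fallback;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $url : $fallback;
}

// Hardened: scheme check first, then attribute-context encoding. ENT_QUOTES
// encodes both " and ' so the value cannot close the attribute.
function render_link_safe(string $url): string
{
    $encoded = htmlspecialchars(safe_url($url), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $encoded . '">back</a>';
}

// Constructed inputs, not taken from the HackerOne report.
$cases = [
    'https://example.com/page?id=1',        // benign
    '/dashboard" onmouseover="alert(1)',    // attribute breakout
    'javascript:alert(document.domain)',    // scheme injection, needs no quotes
    '//attacker.example/phish',             // scheme-relative redirect
];

foreach ($cases as $url) {
    printf("input:  %s\nunsafe: %s\nsafe:   %s\n\n",
        $url, render_link_unsafe($url), render_link_safe($url));
}

// Checks a reviewer would apply: no raw quote or event handler survives the
// encoding, and no non-http scheme reaches the attribute at all.
assert(strpos(render_link_safe($cases[1]), 'onmouseover="') === false);
assert(strpos(render_link_safe($cases[2]), 'javascript:') === false);
assert(render_link_safe($cases[3]) === '<a href="/">back</a>');
assert(render_link_safe($cases[0]) === '<a href="https://example.com/page?id=1">back</a>');
```

Run it with `php` and compare the `unsafe` and `safe` lines for each case. The third input is the one encoding alone does not fix: `javascript:alert(document.domain)` contains no quotes, so `htmlspecialchars` leaves it untouched and the link still executes script on click, which is why the scheme allowlist runs before the encoder. The quote-breakout case is the kind of reflected payload a browser's built-in XSS filter would match against the request, which is the protection the advisory assumes is disabled.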
You can find more information about CVE-2022-30120 in the following references: [Concrete CMS 8.5.8 release notes](https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes), [Concrete CMS 9.1.0 release notes](https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes), and [HackerOne report 1363598](https://hackerone.com/reports/1363598).