First published: Mon Nov 14 2022(Updated: )
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Concretecms Concrete Cms | <8.5.10 | |
Concretecms Concrete Cms | >=9.0.0<=9.1.2 | |
<8.5.10 | ||
>=9.0.0<=9.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43688 is a vulnerability in Concrete CMS that allows for stored cross-site scripting (XSS) attacks.
CVE-2022-43688 has a severity rating of 4.8 out of 10, which is considered medium.
Concrete CMS versions below 8.5.10 and versions between 9.0.0 and 9.1.2 are vulnerable.
To mitigate CVE-2022-43688, update to Concrete CMS version 9.1.3 or higher, or version 8.5.10 or higher.
You can find more information about CVE-2022-43688 in the release notes of Concrete CMS versions 8.5.10 and 9.1.3, as well as on the Concrete CMS GitHub page.