First published: Mon Nov 14 2022(Updated: )
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Concretecms Concrete Cms | <8.5.10 | |
Concretecms Concrete Cms | >=9.0.0<=9.1.2 | |
<8.5.10 | ||
>=9.0.0<=9.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43692 is a vulnerability in Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 that allows a user to trigger reflected XSS in an administrator's browser if they are using an old browser without XSS protection.
CVE-2022-43692 has a severity rating of 6.1 (medium).
To fix CVE-2022-43692, you need to update your Concrete CMS installation to version 9.1.3 or higher.
Concrete CMS is a content management system (CMS) that was formerly known as concrete5.
Reflected XSS is a type of cross-site scripting vulnerability where the malicious script is embedded in a URL and executed when the victim clicks on the manipulated URL.