First published: Mon Nov 14 2022(Updated: )
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Concretecms Concrete Cms | <8.5.10 | |
Concretecms Concrete Cms | >=9.0.0<=9.1.2 | |
<8.5.10 | ||
>=9.0.0<=9.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43694 is a vulnerability in Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 that allows for reflected XSS in the image manipulation library due to un-sanitized output.
The severity of CVE-2022-43694 is medium with a CVSS score of 6.1.
CVE-2022-43694 affects Concrete CMS below version 8.5.10 and between version 9.0.0 and 9.1.2.
To fix CVE-2022-43694, upgrade Concrete CMS to version 8.5.10 or higher if using a version below 8.5.10, or upgrade to a version between 9.0.0 and 9.1.2 if using a version in that range.
More information about CVE-2022-43694 can be found in the following references: [Reference 1](https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes), [Reference 2](https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes), [Reference 3](https://github.com/concretecms/concretecms/releases/8.5.10).