CVE-2022-43968: XSS
First published: Mon Nov 14 2022(Updated: )
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Concretecms Concrete Cms | <8.5.10 | |
| Concretecms Concrete Cms | >=9.0.0<=9.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
- https://github.com/concretecms/concretecms/releases/8.5.10
- https://github.com/concretecms/concretecms/releases/9.1.3
- https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
Frequently Asked Questions
What is CVE-2022-43968?
CVE-2022-43968 is a vulnerability in Concrete CMS that allows for Reflected XSS in the dashboard icons.
How severe is CVE-2022-43968?
CVE-2022-43968 has a severity rating of 6.1 (medium).
How do I fix CVE-2022-43968?
To fix CVE-2022-43968, update to Concrete CMS version 9.1.3+ or 8.5.10+.
Where can I find more information about CVE-2022-43968?
You can find more information about CVE-2022-43968 in the release notes of Concrete CMS versions 8.5.10 and 9.1.3+.
What is the CWE number for CVE-2022-43968?
The CWE number for CVE-2022-43968 is 79.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- vendor/concretecms
- canonical/concretecms concrete cms
- version/concretecms concrete cms/9.0.0
- version/concretecms concrete cms/9.1.2