What is CVE-2023-28471?

CVE-2023-28471 is a vulnerability in Concrete CMS (previously concrete5) before version 9.2 that allows for Stored Cross-Site Scripting (XSS) attacks through a container name.

How severe is CVE-2023-28471?

CVE-2023-28471 has a severity rating of 5.4 (medium).

How can I fix CVE-2023-28471?

To fix CVE-2023-28471, update Concrete CMS to version 9.2.0 or higher.

Where can I find more information about CVE-2023-28471?

You can find more information about CVE-2023-28471 on the official NIST NVD website or the Concrete CMS website.

What is the Common Weakness Enumeration (CWE) for CVE-2023-28471?

The CWE for CVE-2023-28471 is CWE-79 (Cross-Site Scripting).

Vulnerability/
CVE-2023-28471

medium

5.4

CWE

28/4/2023

18/1/2024

CVE-2023-28471: XSS

First published: Fri Apr 28 2023(Updated: )

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
	<9.2.0
Concretecms Concrete Cms	<9.2.0
composer/concrete5/concrete5	<9.2.0	9.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-28471?
CVE-2023-28471 is a vulnerability in Concrete CMS (previously concrete5) before version 9.2 that allows for Stored Cross-Site Scripting (XSS) attacks through a container name.
How severe is CVE-2023-28471?
CVE-2023-28471 has a severity rating of 5.4 (medium).
How can I fix CVE-2023-28471?
To fix CVE-2023-28471, update Concrete CMS to version 9.2.0 or higher.
Where can I find more information about CVE-2023-28471?
You can find more information about CVE-2023-28471 on the official NIST NVD website or the Concrete CMS website.
What is the Common Weakness Enumeration (CWE) for CVE-2023-28471?
The CWE for CVE-2023-28471 is CWE-79 (Cross-Site Scripting).

collector/nvd-index
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/softwarecombine
agent/references
agent/author
agent/severity
agent/weakness
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-9h33-5fxw-r2xv
alias/CVE-2023-28471
agent/last-modified-date
agent/description
collector/nvd-cve
agent/tags
collector/github-advisory
vendor/concretecms
canonical/concretecms concrete cms
package-manager/composer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.