CVE-2023-44761: XSS
First published: Fri Oct 06 2023(Updated: )
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Concretecms Concrete Cms | =9.2.1 | |
| composer/concrete5/concrete5 | <=9.2.1 | 9.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-44761.
What is the severity rating of CVE-2023-44761?
The severity rating of CVE-2023-44761 is medium with a CVSS score of 5.4.
How does this vulnerability impact Concrete CMS v.9.2.1?
Multiple Cross-Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
Which software versions are affected by CVE-2023-44761?
Concrete CMS v.9.2.1 is affected by CVE-2023-44761.
How can I fix CVE-2023-44761 in Concrete CMS v.9.2.1?
To fix CVE-2023-44761 in Concrete CMS v.9.2.1, update to a version that has the security patch applied.
- collector/nvd-index
- collector/mitre-cve
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-p4jj-gwpg-9jwh
- alias/CVE-2023-44761
- collector/nvd-cve
- collector/github-advisory
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/concretecms
- canonical/concretecms concrete cms
- version/concretecms concrete cms/9.2.1
- package-manager/composer