CVE-2023-28820

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-28820

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28820.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-28820

Aliases

GHSA-fgxj-g7x3-85cq

Published

2023-04-28T14:15:10.703Z

Modified

2025-11-15T04:56:54.611415Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.

References

Affected packages

Git / github.com/concretecms/concretecms

Affected ranges

Type: GIT
Repo: https://github.com/concretecms/concretecms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f1a0eb94bc70d74c58ec8746a7a940cf8257bf22

Affected versions

5.*

5.7.0

5.7.0.1

5.7.0.3

5.7.0.4

5.7.1

5.7.2

5.7.2.1

5.7.3

5.7.3.1

5.7.4

5.7.4.1

5.7.4.2

5.7.5

5.7.5.1

5.7.5.10

5.7.5.11

5.7.5.12

5.7.5.2

5.7.5.3

5.7.5.4

5.7.5.5

5.7.5.6

5.7.5.7

5.7.5.8

5.7.5.9

8.*

8.0

8.0.1

8.0.2

8.0.3

8.1.0

8.2.0

8.2.0RC2

8.2.1

8.3.0

8.3.1

8.3.2

8.4.0

8.4.0RC3

8.4.0RC4

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.5.0

8.5.0RC1

8.5.0RC2

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

9.*

9.0.0

9.0.0RC1

9.0.0RC3

9.0.0RC4

9.0.1

9.0.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28820.json"