GHSA-4pcg-pjp5-3mc6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4pcg-pjp5-3mc6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-4pcg-pjp5-3mc6/GHSA-4pcg-pjp5-3mc6.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-4pcg-pjp5-3mc6
- Aliases
-
- CVE-2025-8571
- Published
- 2025-08-06T00:30:25Z
- Modified
- 2025-08-07T04:57:20.119581Z
- Severity
-
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page
- Details
-
Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-08-06T17:24:47Z", "nvd_published_at": "2025-08-05T23:15:38Z", "cwe_ids": [ "CWE-20", "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-8571
- https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92
- https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6
- https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes
- https://github.com/concretecms/concretecms
- https://www.concretecms.org/download
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.21
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
8.5.19
8.5.20
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5