GHSA-6fm3-r6mf-j875
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6fm3-r6mf-j875
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-6fm3-r6mf-j875/GHSA-6fm3-r6mf-j875.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-6fm3-r6mf-j875
- Aliases
- Published
- 2023-10-06T15:30:19Z
- Modified
- 2024-02-15T05:32:14.683815Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- ConcreteCMS Cross-site Scripting vulnerability
- Details
-
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2023-10-06T18:41:41Z", "nvd_published_at": "2023-10-06T13:15:12Z" }- References
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected9.2.1
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.99
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.0
9.0.1
9.0.2
9.1.0
9.1.1
9.1.2
9.1.3
9.2.0RC2
9.2.0
9.2.1