GHSA-jxhp-rwqv-9fjj

Source

https://github.com/advisories/GHSA-jxhp-rwqv-9fjj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jxhp-rwqv-9fjj/GHSA-jxhp-rwqv-9fjj.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-jxhp-rwqv-9fjj

Aliases

CVE-2015-3989

Published

2022-05-17T03:29:56Z

Modified

2025-04-14T19:57:09.815230Z

Severity

1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U CVSS Calculator

Summary

concrete5 vulnerable to Cross-site Scripting

Details

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.

Database specific

{
    "nvd_published_at": "2015-05-15T18:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-14T19:42:05Z"
}

References

Affected packages

Packagist / concrete5/concrete5

Package

Name: concrete5/concrete5
Purl: pkg:composer/concrete5/concrete5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7.4