Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4

Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names

Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names.

Permalink: https://github.com/advisories/GHSA-474f-mcjv-pgrm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 10 months ago
Updated: 3 months ago


CVSS Score: 3.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-474f-mcjv-pgrm, CVE-2023-28819
References:

Affected Packages

packagist:concrete5/concrete5
Versions: < 9.1.0
Fixed in: 9.1.0