CVE-2023-48650 | Concrete CMS up to 8.5.13/9.2.2 Layout Preset Name cross site scripting

Inserito da Angelo Barbosa | Dic 25, 2023 | CVE

A vulnerability classified as problematic has been found in Concrete CMS up to 8.5.13/9.2.2. Affected is an unknown function. The manipulation of the argument Layout Preset Name leads to cross site scripting.

This vulnerability is traded as CVE-2023-48650. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-48650 | Concrete CMS up to 8.5.13/9.2.2 Layout Preset Name cross site scripting

Post correlati

CVE-2024-4150 | Simple Basic Contact Form Plugin up to 20221201 on WordPress cross site scripting

CVE-2024-42782 | Kashipara Music Management System 1.0 ajax.php search sql injection

CVE-2024-5906 | Palo Alto Networks Prisma Cloud Compute up to 32.05 Update 4 Web Interface cross site scripting

CVE-2024-45435 | Chartist up to 1.3.0 extend prototype pollution