Vulnerability Details CVE-2023-49337
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.0%
CVSS Severity
CVSS v3 Score 2.4
References
- https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f
- https://hackerone.com/reports/2232594
- https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
- https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f
- https://hackerone.com/reports/2232594
- https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
Products affected by CVE-2023-49337
-
cpe:2.3:a:concretecms:concrete_cms:9.0.0
-
cpe:2.3:a:concretecms:concrete_cms:9.0.1
-
cpe:2.3:a:concretecms:concrete_cms:9.0.2
-
cpe:2.3:a:concretecms:concrete_cms:9.1.0
-
cpe:2.3:a:concretecms:concrete_cms:9.1.1
-
cpe:2.3:a:concretecms:concrete_cms:9.1.2
-
cpe:2.3:a:concretecms:concrete_cms:9.1.3
-
cpe:2.3:a:concretecms:concrete_cms:9.2.1
-
cpe:2.3:a:concretecms:concrete_cms:9.2.2