CVE-2022-43967: Concrete CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to reflected XSS due to unsanitized output.


Concrete CMS is vulnerable to reflected XSS due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if a user does not use caution when inputting content in a different language. The update to 9.1.3 fixes this issue.

XSS is possible in both the multilingual edit form and the multilingual report, in each case due to the lack of escaping of user-specified languages. The update to 9.1.3 fixes both.

In Concrete 5.6 and below, if a user is editing a page that is shared with non-English characters, then an XSS vulnerability can be exploited. The update to 5.6.10 fixes this.

Concrete CMS is vulnerable to XSS due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if a user does not use caution when inputting content in a different language. The update to 5.6.10 fixes this.

Concrete CMS is vulnerable to CSRF due to Reflected XSS in the multilingual edit form


Concrete CMS is vulnerable to CSRF due to the lack of CSRF protection on the admin panel. This could allow for CSRF attacks if a user does not use caution when inputting data on the admin panel. The update to 5.6.10 fixes this.

