CVE-2022-43968: Reflected XSS was found in the dashboard icons of Concrete CMS versions below 8.5.10 and versions 9.0.0-9.1.2.

XSS has been reported in the following plugins:

Concrete Email

Concrete Media

Concrete Polls

Concrete Tabs

There has also been a case of XSS in the registration form of a Concrete CMS installation. The following proof-of-concept highlights this vulnerability.

The above XSS is triggered when a user visits the “login” page, types their password and submits the form. This can be used as a vector for an attacker to execute arbitrary commands. This issue has been reported to Concrete and is under investigation.

Concrete Email

Concrete Email is a popular email plugin. When the plugin gets installed, it creates a login page where users can input their credentials to log in to their website. There has been a report of XSS in the login form of this plugin and this vulnerability is under investigation.
