CVE-2022-43967 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
XSS in the multilingual edit form is possible due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks if
CVE-2022-43323 EyouCMS V1.5.9-UTF8-SP1 was found to have a CSRF vulnerability in the Top Up Balance component.
This issue can be exploited to hijack the user's session if he/she has the same email address on the site as on
CVE-2022-44387 EyouCMS V1.5.9-UTF8-SP1 had a CSRF vulnerability in the Basic Information component of the Edit Member module.
An attacker could exploit this issue to force the user to login via CSRF if they have access to the backend system. In certain cases,
CVE-2022-43692 Reflected XSS can be exploited by a user if the targeted administrator is using an older browser that lacks XSS protection.
If you are running a version before 8.5.10 and are using a browser that supports XSS protection, you must update to a version
CVE-2022-43693 - Concrete CMS CSRF Flaw in Core OAuth – How Attackers Can Hijack Your Login
Concrete CMS is a popular open-source content management system powering many government and enterprise websites. In late 2022, a worrying vulnerability — now tracked as CVE-2022-43693