CVE-2022-43694 Information

Nov 15, 2022 cve

Description

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.

Reference

https://github.com/concretecms/concretecms/releases/8.5.10 https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31 https://github.com/concretecms/concretecms/releases/9.1.3

Share on: