sromanhu/CVE-2023-44766_ConcreteCMS-Stored-XSS---SEO
GitHub
Releases0
Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Header Extra Content from Page Settings.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 4.8 MEDIUM | — | ||
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | |||