Vulnerabilities > Concretecms > Concrete CMS > 9.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-28 | CVE-2023-28475 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 6.1 |
2023-04-28 | CVE-2023-28476 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | 5.4 |
2023-04-28 | CVE-2023-28477 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | 5.4 |