CVE-2022-30118
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.
Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-05-02 CVE Reserved
- 2022-06-24 CVE Published
- 2024-01-15 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Concretecms | Concrete Cms | < 8.5.8 | - | Affected |
Concretecms | Concrete Cms | >= 9.0.0 < 9.1.0 | - | Affected |