Unrated severity · NVD Advisory · Published Jun 24, 2022 · Updated Aug 3, 2024
CVE-2022-30119
Description
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitization where built URLs are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting.
Affected products
- Concrete/Concrete
References
- documentation.concretecms.org/developers/introduction/version-history/858-release-notes (mitre, x_refsource_MISC)
- documentation.concretecms.org/developers/introduction/version-history/910-release-notes (mitre, x_refsource_MISC)
- hackerone.com/reports/1370054 (mitre, x_refsource_MISC)