Moderate severityOSV Advisory· Published Dec 5, 2022· Updated Apr 24, 2025
CVE-2022-43556
CVE-2022-43556
Description
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
concrete5/concrete5Packagist | < 8.5.10 | 8.5.10 |
concrete5/concrete5Packagist | >= 9.0.0, < 9.1.3 | 9.1.3 |
Affected products
2Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-xj33-8r43-r227ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-43556ghsaADVISORY
- documentation.concretecms.org/developers/introduction/version-history/8510-release-notesghsaWEB
- documentation.concretecms.org/developers/introduction/version-history/913-release-notesghsaWEB
- www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31ghsaWEB
News mentions
0No linked articles in our index yet.