CVE-2023-28472

Published: Apr 28, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-28472" target="_blank" rel="noopener"> CVE-2023-28472
GHSA: <a href="https://github.com/advisories/GHSA-f55r-8rcv-mqcf" target="_blank" rel="noopener"> GHSA-f55r-8rcv-mqcf
Severity: Medium
Exploit:

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.

CVSS v3:

CWEs:

OWASP TOP 10:

Vulnerability Database