CVE-2023-28477

Published: Apr 28, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-28477" target="_blank" rel="noopener"> CVE-2023-28477
GHSA: <a href="https://github.com/advisories/GHSA-xfmj-r86m-j2hr" target="_blank" rel="noopener"> GHSA-xfmj-r86m-j2hr
Severity: Medium
Exploit:

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.

CVSS v3:

CWEs:

OWASP TOP 10:

Vulnerability Database