CVE-2022-30119

Vendor N/A
Product https://github.com/concrete5/concrete5
Weakness CWE-79 · XSS
Published June 24, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01 Description

XSS in /dashboard/reports/logs/view - old browsers only. When Internet Explorer is used with its XSS protection disabled, insufficient sanitization where built URLs are output can be exploited in Concrete 8.5.7 and below, as well as in Concrete 9.0 through 9.0.2. This cannot be exploited in modern web browsers due to an automatic input escape mechanism. The Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting.

Key dates

02 Disclosure timeline

June 24, 2022 CVE published
August 3, 2024 Record updated