CVE-2022-43556 - AskarLabs CVE Database

CVE-2022-43556

Vendor N/A

Product https://github.com/concretecms/concretecms

Weakness CWE-79 · XSS

Published December 5, 2022

Last update April 24, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.

Key dates

02Disclosure timeline

December 5, 2022 CVE published

April 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43556

Related vulnerabilities

04Related CVE

CVE-2017-2607 CVE-2024-3946 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings CVE-2025-23552 WordPress Texteller plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-24666 WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-45815 Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context in ArchiveBox