Stored XSS Vulnerability in Concrete CMS API Integrations via the name parameter
CVE-2023-28477 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
Learn more about our Api Penetration Testing.