CVE-2023-44766

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 6, 2023

Updated: Aug 2, 2024

CWE ID 79

Summary

CVE-2023-44766 is a Cross Site Scripting (XSS) vulnerability identified in Concrete CMS version 9.2.1. An attacker can exploit this issue by injecting malicious scripts into the SEO - Extra from Page Settings feature. Although the vendor disagrees, asserting that only administrators have the capability to modify this SEO-related header, the ability to insert JavaScript in this manner can potentially be used for code execution. This vulnerability poses a serious security risk if an admin account is compromised.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s4Bcz-
https://www.cve.org/CVERecord?id=CVE-2023-44766
https://nvd.nist.gov/vuln/detail/CVE-2023-44766

Back to Vulnerability Database

CVE-2023-44766

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations