CVE-2021-28145 - CERT CVE

  1. CVE-2021-28145

ID CVE-2021-28145
Sažetak Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
Reference
CVSS
Base: 3.5
Impact: 2.9
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:S/C:N/I:P/A:N
Zadnje važnije ažuriranje 17-11-2021 - 19:59
Objavljeno 18-03-2021 - 16:15