5.3
CVE-2023-28472
- EPSS 0.59%
- Veröffentlicht 28.04.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 07:55:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginConcrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Concretecms ≫ Concrete Cms Version < 9.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.436 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
https://concretecms.com
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release