ByteOS Network

NVD Vulnerability Details :

CVE-2021-40100

Analyzed

Source-cve@mitre.org

Published At-24 Sep, 2021 | 15:15

Updated At-30 Sep, 2021 | 17:03

An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

concretecms>>concrete_cms>>Versions up to 8.5.5(inclusive)

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

Hyperlink	Source	Resource
https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes	cve@mitre.org	Release Notes Vendor Advisory
https://hackerone.com/reports/616770	cve@mitre.org	Permissions Required Third Party Advisory