CVE-2021-28145: Concrete CMS Cross-site Scripting via Survey Blocks
CVSS Score: 5.4 (CVSS 3.1)
Basic Information
CVE ID: CVE-2021-28145
GHSA ID:
EPSS Score: 0.42105%
CWE:
Published: 5/24/2022
Updated: 8/3/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
concrete5/concrete5 | composer | < 8.5.5 | 8.5.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The exact commit diff or code changes are not provided, making it challenging to directly identify the vulnerable functions. The vulnerability is related to XSS via survey blocks in Concrete CMS, which typically involves input processing and output rendering functions. Without specific code changes or function names from the patch, we cannot confidently list the vulnerable functions.