CVE-2021-22954
Cross Site Request Forgery in concrete5/concrete5
EPSS 0.15%
Description
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.
How to fix CVE-2021-22954
To remediate CVE-2021-22954, upgrade the affected package to a fixed version below.
- Packagist/concrete5/concrete5—upgrade to 9.0.0 or later
Is CVE-2021-22954 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 9.0.0