Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms concrete cms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-40100
An issue exists in Concrete CMS up to and including 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
Concretecms Concrete Cms
7.2
CVSSv3
CVE-2021-40101
An issue exists in Concrete CMS prior to 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.
Concretecms Concrete Cms
9.1
CVSSv3
CVE-2021-40102
An issue exists in Concrete CMS up to and including 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
Concretecms Concrete Cms
7.5
CVSSv3
CVE-2021-40103
An issue exists in Concrete CMS up to and including 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
Concretecms Concrete Cms
7.5
CVSSv3
CVE-2021-40104
An issue exists in Concrete CMS up to and including 8.5.5. There is an SVG sanitizer bypass.
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2021-40105
An issue exists in Concrete CMS up to and including 8.5.5. There is XSS via Markdown Comments.
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2021-40106
An issue exists in Concrete CMS up to and including 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
Concretecms Concrete Cms
8.8
CVSSv3
CVE-2021-40108
An issue exists in Concrete CMS up to and including 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
Concretecms Concrete Cms
6.4
CVSSv3
CVE-2021-40109
A SSRF issue exists in Concrete CMS up to and including 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed a...
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2022-43967
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Concretecms Concrete Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »