Vulmon
concrete5 concrete5 vulnerabilities and exploits
NA
CVE-2012-5181
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 up to and including 5.5.2.1 and concrete5 English 5.5.0 up to and including 5.6.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Concrete5 Concrete5 5.5.0
Concrete5 Concrete5 5.5.1
Concrete5 Concrete5 5.5.2
Concrete5 Concrete5 5.5.2.1
Concrete5 Concrete5 5.6.0
Concrete5 Concrete5 5.6.0.1
Concrete5 Concrete5 5.6.0.2
NA
CVE-2014-5108
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 prior to 5.6.3 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
Concrete5 Concrete5 5.5.0
Concrete5 Concrete5 5.5.1
Concrete5 Concrete5 5.5.2
Concrete5 Concrete5 5.5.2.1
Concretecms Concrete Cms 5.6.1.1
Concretecms Concrete Cms 5.6.1.2
Concretecms Concrete Cms 5.6.2
Concretecms Concrete Cms 5.6.2.1
Concretecms Concrete Cms 5.4.2.1
Concrete5 Concrete5 5.6.0.1
Concretecms Concrete Cms 5.6.1
Concretecms Concrete Cms 5.4.2
Concretecms Concrete Cms 5.4.2.2
Concrete5 Concrete5 5.6.0
Concrete5 Concrete5 5.6.0.2
NA
CVE-2014-5107
concrete5 prior to 5.6.3 allows remote malicious users to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) syst...
Concretecms Concrete Cms 5.4.2.2
Concrete5 Concrete5 5.5.0
Concrete5 Concrete5 5.5.1
Concrete5 Concrete5 5.5.2
Concretecms Concrete Cms 5.6.1
Concretecms Concrete Cms 5.6.1.1
Concretecms Concrete Cms 5.6.1.2
Concretecms Concrete Cms 5.6.2
Concretecms Concrete Cms 5.6.2.1
Concretecms Concrete Cms 5.4.2.1
Concrete5 Concrete5 5.5.2.1
Concrete5 Concrete5 5.6.0.1
Concretecms Concrete Cms 5.4.2
Concrete5 Concrete5 5.6.0
Concrete5 Concrete5 5.6.0.2
6.1
CVSSv3
CVE-2017-6905
An issue exists in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML an...
Concrete5 Concrete5
6.1
CVSSv3
CVE-2017-6908
An issue exists in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script co...
Concrete5 Concrete5
NA
CVE-2015-3989
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.
Concrete5 Concrete5
NA
CVE-2015-2250
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index....
Concrete5 Concrete5
NA
CVE-2011-3721
concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files.
Concrete5 Concrete 5.4.1
Concrete5 Concrete 5.4.1.1
Concrete5 Concrete 5.4.0.5
6.1
CVSSv3
CVE-2021-41464
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote malicious users to inject arbitrary web script or HTML via the rel parameter.
Concrete5-legacy Project Concrete5-legacy
6.1
CVSSv3
CVE-2021-41461
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote malicious users to inject arbitrary web script or HTML via the mode parameter.
Concrete5-legacy Project Concrete5-legacy