Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

concrete5 concrete5 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2012-5181
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 up to and including 5.5.2.1 and concrete5 English 5.5.0 up to and including 5.6.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Concrete5 Concrete5 5.5.0Concrete5 Concrete5 5.5.1Concrete5 Concrete5 5.5.2Concrete5 Concrete5 5.5.2.1Concrete5 Concrete5 5.6.0Concrete5 Concrete5 5.6.0.1Concrete5 Concrete5 5.6.0.2
NA
CVE-2014-5108
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 prior to 5.6.3 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
Concrete5 Concrete5 5.5.0Concrete5 Concrete5 5.5.1Concrete5 Concrete5 5.5.2Concrete5 Concrete5 5.5.2.1Concretecms Concrete Cms 5.6.1.1Concretecms Concrete Cms 5.6.1.2Concretecms Concrete Cms 5.6.2Concretecms Concrete Cms 5.6.2.1Concretecms Concrete Cms 5.4.2.1Concrete5 Concrete5 5.6.0.1Concretecms Concrete Cms 5.6.1Concretecms Concrete Cms 5.4.2Concretecms Concrete Cms 5.4.2.2Concrete5 Concrete5 5.6.0Concrete5 Concrete5 5.6.0.2
NA
CVE-2014-5107
concrete5 prior to 5.6.3 allows remote malicious users to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) syst...
Concretecms Concrete Cms 5.4.2.2Concrete5 Concrete5 5.5.0Concrete5 Concrete5 5.5.1Concrete5 Concrete5 5.5.2Concretecms Concrete Cms 5.6.1Concretecms Concrete Cms 5.6.1.1Concretecms Concrete Cms 5.6.1.2Concretecms Concrete Cms 5.6.2Concretecms Concrete Cms 5.6.2.1Concretecms Concrete Cms 5.4.2.1Concrete5 Concrete5 5.5.2.1Concrete5 Concrete5 5.6.0.1Concretecms Concrete Cms 5.4.2Concrete5 Concrete5 5.6.0Concrete5 Concrete5 5.6.0.2
6.1
CVSSv3
CVE-2017-6905
An issue exists in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML an...
Concrete5 Concrete5
6.1
CVSSv3
CVE-2017-6908
An issue exists in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script co...
Concrete5 Concrete5
NA
CVE-2015-3989
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.
Concrete5 Concrete5
NA
CVE-2015-2250
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index....
Concrete5 Concrete5
NA
CVE-2011-3721
concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files.
Concrete5 Concrete 5.4.1Concrete5 Concrete 5.4.1.1Concrete5 Concrete 5.4.0.5
6.1
CVSSv3
CVE-2021-41464
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote malicious users to inject arbitrary web script or HTML via the rel parameter.
Concrete5-legacy Project Concrete5-legacy
6.1
CVSSv3
CVE-2021-41461
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote malicious users to inject arbitrary web script or HTML via the mode parameter.
Concrete5-legacy Project Concrete5-legacy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook