Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concrete5 concrete5 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2012-5181
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 up to and including 5.5.2.1 and concrete5 English 5.5.0 up to and including 5.6.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Concrete5 Concrete5 5.5.0
Concrete5 Concrete5 5.5.1
Concrete5 Concrete5 5.5.2
Concrete5 Concrete5 5.5.2.1
Concrete5 Concrete5 5.6.0
Concrete5 Concrete5 5.6.0.1
Concrete5 Concrete5 5.6.0.2
445
VMScore
CVE-2014-5107
concrete5 prior to 5.6.3 allows remote malicious users to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) syst...
Concretecms Concrete Cms 5.4.2.2
Concrete5 Concrete5 5.5.0
Concrete5 Concrete5 5.5.1
Concrete5 Concrete5 5.5.2
Concretecms Concrete Cms 5.6.1
Concretecms Concrete Cms 5.6.1.1
Concretecms Concrete Cms 5.6.1.2
Concretecms Concrete Cms 5.6.2
Concretecms Concrete Cms 5.6.2.1
Concretecms Concrete Cms 5.4.2.1
Concrete5 Concrete5 5.5.2.1
Concrete5 Concrete5 5.6.0.1
Concretecms Concrete Cms 5.4.2
Concrete5 Concrete5 5.6.0
Concrete5 Concrete5 5.6.0.2
383
VMScore
CVE-2014-5108
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 prior to 5.6.3 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
Concrete5 Concrete5 5.5.0
Concrete5 Concrete5 5.5.1
Concrete5 Concrete5 5.5.2
Concrete5 Concrete5 5.5.2.1
Concretecms Concrete Cms 5.6.1.1
Concretecms Concrete Cms 5.6.1.2
Concretecms Concrete Cms 5.6.2
Concretecms Concrete Cms 5.6.2.1
Concretecms Concrete Cms 5.4.2.1
Concrete5 Concrete5 5.6.0.1
Concretecms Concrete Cms 5.6.1
Concretecms Concrete Cms 5.4.2
Concretecms Concrete Cms 5.4.2.2
Concrete5 Concrete5 5.6.0
Concrete5 Concrete5 5.6.0.2
383
VMScore
CVE-2015-3989
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.
Concrete5 Concrete5
383
VMScore
CVE-2015-2250
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index....
Concrete5 Concrete5
383
VMScore
CVE-2017-6905
An issue exists in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML an...
Concrete5 Concrete5
383
VMScore
CVE-2017-6908
An issue exists in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script co...
Concrete5 Concrete5
445
VMScore
CVE-2011-3721
concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files.
Concrete5 Concrete 5.4.1
Concrete5 Concrete 5.4.1.1
Concrete5 Concrete 5.4.0.5
383
VMScore
CVE-2021-41461
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote malicious users to inject arbitrary web script or HTML via the mode parameter.
Concrete5-legacy Project Concrete5-legacy
383
VMScore
CVE-2021-41462
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote malicious users to inject arbitrary web script or HTML via the ctID parameter.
Concrete5-legacy Project Concrete5-legacy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »