Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms concrete cms 9.2.1 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-44760
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an malicious user to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer chang...
Concretecms Concrete Cms 9.2.1
5.4
CVSSv3
CVE-2023-44763
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file ty...
Concretecms Concrete Cms 9.2.1
5.4
CVSSv3
CVE-2023-44761
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 up to and including 9.2.1 allow a local malicious user to execute arbitrary code via a crafted script to the Forms of the Data objects.
Concretecms Concrete Cms 9.2.1
5.4
CVSSv3
CVE-2023-44762
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an malicious user to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
Concretecms Concrete Cms 9.2.1
5.4
CVSSv3
CVE-2023-44764
A Cross Site Scripting (XSS) vulnerability in Concrete CMS prior to 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
Concretecms Concrete Cms 9.2.1
5.4
CVSSv3
CVE-2023-44765
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 up to and including 9.2.1 allows an malicious user to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
Concretecms Concrete Cms 9.2.1
4.8
CVSSv3
CVE-2023-44766
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an malicious user to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, an...
Concretecms Concrete Cms 9.2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started