Vulmon
concretecms concrete cms vulnerabilities and exploits
VMScore: 668
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0 AV:A/...
Concretecms Concrete Cms
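The bypass class described for CVE-2021-22958 is easy to reproduce offline: a blocklist that compares the host string against "127.0.0.1" does not recognise the same address written as a single decimal integer (2130706433) or in 0x-hex form. The following is an added example, not Concrete CMS code, showing the weak check beside a check that normalises IP literals first. All function names, the blocklist and the sample URLs are constructed for this illustration; DNS resolution is deliberately left out so it runs stand-alone.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed blocklist of the kind a naive "no localhost" filter uses.
BLOCKED_HOSTS = {"localhost", "127.0.0.1", "::1"}

# A name with no letters at all (e.g. inet_aton shorthand "127.1") is treated
# as an IP literal we could not parse, and rejected rather than trusted.
HOSTNAME_RE = re.compile(r"^(?=.*[a-z])[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})*\.?$")


def weak_is_allowed(url: str) -> bool:
    """String comparison only. 127.0.0.1 is rejected, but 2130706433 (the
    same address in decimal notation) passes: the CVE-2021-22958 pattern."""
    host = (urlsplit(url).hostname or "").lower()
    return host not in BLOCKED_HOSTS


def normalise_host(host: str):
    """Return an ipaddress object if the host literal denotes an IP in any
    notation a resolver would accept (dotted quad, decimal, 0x-hex, IPv6),
    else None."""
    host = host.strip("[]").lower()
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        n = int(host, 0)  # accepts "2130706433", "0x7f000001", "0o17700000001"
    except ValueError:
        return None
    if 0 <= n < 2**32:
        return ipaddress.IPv4Address(n)
    if 0 <= n < 2**128:
        return ipaddress.IPv6Address(n)
    return None


def hardened_is_allowed(url: str) -> bool:
    """Normalise, then judge the address, not the spelling of the address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower()
    if not host:
        return False
    ip = normalise_host(host)
    if ip is None:
        # Not an IP literal. Reject loopback names and anything that does not
        # look like a DNS name. A real implementation must then resolve the
        # name and re-run the address test on every returned address, and
        # connect to those pinned addresses rather than resolving again.
        if not HOSTNAME_RE.match(host):
            return False
        return host not in ("localhost", "localhost.localdomain") and not host.endswith(".localhost")
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 -> 127.0.0.1
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)
```

The hardened check also rejects link-local and private ranges (for example a cloud metadata endpoint on 169.254.169.254), which the original string blocklist never considered; that is a broader policy than the single fix the advisory describes, and is the usual recommendation for any server-side fetch of user-supplied URLs.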
VMScore: 578
CVE-2021-22966
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by addi...
Concretecms Concrete Cms
VMScore: NA
CVE-2024-1245
Concrete CMS version 9 prior to 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or d...
Concretecms Concrete Cms
VMScore: NA
CVE-2024-1246
Concrete CMS in version 9 prior to 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicio...
Concretecms Concrete Cms
VMScore: NA
CVE-2024-1247
Concrete CMS version 9 prior to 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when ...
Concretecms Concrete Cms
VMScore: NA
CVE-2023-28819
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0.0 up to and including 9.0.2, are vulnerable to Stored XSS in uploaded file and folder names.
Concretecms Concrete Cms
VMScore: NA
CVE-2023-28820
Concrete CMS (previously concrete5) prior to 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.
Concretecms Concrete Cms
VMScore: NA
CVE-2023-28821
Concrete CMS (previously concrete5) prior to 9.1 did not have a rate limit for password resets.
Concretecms Concrete Cms
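CVE-2023-28821 is a missing control rather than a bug in existing code, so the useful illustration is what the control looks like. The following is an added example, not Concrete CMS code: a sliding-window limiter that throttles password-reset requests both per target account and per requesting client, with an injectable clock so the behaviour can be checked without waiting. The class name, thresholds, window length and the request sequence in simulate() are all constructed for this example.

```python
import time
from collections import defaultdict, deque


class ResetRateLimiter:
    """Two independent sliding windows: per target account (stops one user
    being flooded with reset mail) and per client address (stops one client
    spraying resets across many accounts). A request must pass both."""

    def __init__(self, per_account=3, per_client=10, window_s=900, clock=time.monotonic):
        self.per_account = per_account
        self.per_client = per_client
        self.window_s = window_s
        self.clock = clock
        self._hits = defaultdict(deque)  # key -> timestamps inside the window

    def _allow(self, key, limit):
        now = self.clock()
        q = self._hits[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()  # expire hits that fell out of the window
        if len(q) >= limit:
            return False
        q.append(now)
        return True

    def allow(self, email: str, client_ip: str) -> bool:
        # Normalise the account key so "A@X.com" and "a@x.com" share a bucket.
        acct_ok = self._allow(("acct", email.strip().lower()), self.per_account)
        # Always count the client, even when the account bucket already said no,
        # so a client cycling through accounts is still throttled.
        client_ok = self._allow(("client", client_ip), self.per_client)
        return acct_ok and client_ok


def simulate():
    """Constructed sequence with a fake clock: four resets for one account
    10 s apart, then one more after the 900 s window has elapsed."""
    t = [0.0]
    lim = ResetRateLimiter(per_account=3, per_client=10, window_s=900, clock=lambda: t[0])
    results = []
    for _ in range(4):
        results.append(lim.allow("victim@example.com", "203.0.113.5"))
        t[0] += 10
    t[0] += 900
    results.append(lim.allow("victim@example.com", "203.0.113.5"))
    return results
```

When a request is throttled, the response should be identical to the success response (no "too many attempts for this account" message), otherwise the limiter itself becomes an account-enumeration oracle; the limiter decides whether to send mail, not what to tell the client.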
VMScore: NA
CVE-2022-43686
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up, causing a denial of service (high load).
Concretecms Concrete Cms
VMScore: NA
CVE-2022-43688
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Concretecms Concrete Cms