Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms concrete cms vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-28821
Concrete CMS (previously concrete5) prior to 9.1 did not have a rate limit for password resets.
Concretecms Concrete Cms
5.3
CVSSv3
CVE-2017-18195
An issue exists in tools/conversations/view_ajax.php in Concrete5 prior to 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Concretecms Concrete Cms
1 EDB exploit
8.8
CVSSv3
CVE-2021-40097
An issue exists in Concrete CMS up to and including 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
Concretecms Concrete Cms
5.4
CVSSv3
CVE-2021-40100
An issue exists in Concrete CMS up to and including 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
Concretecms Concrete Cms
7.5
CVSSv3
CVE-2021-40103
An issue exists in Concrete CMS up to and including 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
Concretecms Concrete Cms
6.4
CVSSv3
CVE-2021-40109
A SSRF issue exists in Concrete CMS up to and including 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed a...
Concretecms Concrete Cms
4.8
CVSSv3
CVE-2024-1245
Concrete CMS version 9 prior to 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or d...
Concretecms Concrete Cms
4.8
CVSSv3
CVE-2024-1247
Concrete CMS version 9 prior to 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when ...
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2022-43967
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2022-43968
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Concretecms Concrete Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »