Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms concrete cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43556
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:...
Concretecms Concrete Cms
NA
CVE-2022-43689
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.
Concretecms Concrete Cms
NA
CVE-2022-43693
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
Concretecms Concrete Cms
NA
CVE-2023-48649
Concrete CMS prior to 8.5.13 and 9.x prior to 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
Concretecms Concrete Cms
NA
CVE-2023-48652
Concrete CMS 9 prior to 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.
Concretecms Concrete Cms
NA
CVE-2023-28819
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 up to and including 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.
Concretecms Concrete Cms
NA
CVE-2023-28820
Concrete CMS (previously concrete5) prior to 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.
Concretecms Concrete Cms
NA
CVE-2023-28821
Concrete CMS (previously concrete5) prior to 9.1 did not have a rate limit for password resets.
Concretecms Concrete Cms
5.8
CVSSv2
CVE-2021-22949
A CSRF in Concrete CMS version 8.5.5 and below allows an malicious user to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"
Concretecms Concrete Cms
5
CVSSv2
CVE-2021-22951
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the f...
Concretecms Concrete Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »