Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-28145
Concrete CMS (formerly concrete5) prior to 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
Concretecms Concrete Cms
578
VMScore
CVE-2021-40097
An issue exists in Concrete CMS up to and including 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
Concretecms Concrete Cms
383
VMScore
CVE-2021-40106
An issue exists in Concrete CMS up to and including 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
Concretecms Concrete Cms
NA
CVE-2022-43686
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
Concretecms Concrete Cms
505
VMScore
CVE-2017-18195
An issue exists in tools/conversations/view_ajax.php in Concrete5 prior to 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Concretecms Concrete Cms
1 EDB exploit
383
VMScore
CVE-2022-30119
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 up to and including 9.0.2. This can...
Concretecms Concrete Cms
383
VMScore
CVE-2022-30120
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 up to and including 9...
Concretecms Concrete Cms
NA
CVE-2023-28471
Concrete CMS (previously concrete5) in versions 9.0 up to and including 9.1.3 is vulnerable to Stored XSS via a container name.
Concretecms Concrete Cms
NA
CVE-2023-28472
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 up to and including 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
Concretecms Concrete Cms
NA
CVE-2023-28473
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 up to and including 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
Concretecms Concrete Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »