Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28475
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 up to and including 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
Concretecms Concrete Cms
NA
CVE-2023-28476
Concrete CMS (previously concrete5) in versions 9.0 up to and including 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.
Concretecms Concrete Cms
NA
CVE-2023-28477
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 up to and including 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
Concretecms Concrete Cms
NA
CVE-2022-43687
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Concretecms Concrete Cms
NA
CVE-2022-43689
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.
Concretecms Concrete Cms
NA
CVE-2022-43695
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exis...
Concretecms Concrete Cms
9
CVSSv2
CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
Concretecms Concrete Cms
9
CVSSv2
CVE-2020-11476
Concrete5 prior to 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
Concretecms Concrete Cms
4.3
CVSSv2
CVE-2022-30118
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9....
Concretecms Concrete Cms
5.8
CVSSv2
CVE-2021-22949
A CSRF in Concrete CMS version 8.5.5 and below allows an malicious user to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"
Concretecms Concrete Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »