Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-40108
An issue exists in Concrete CMS up to and including 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
Concretecms Concrete Cms
6.4
CVSSv3
CVE-2021-40109
A SSRF issue exists in Concrete CMS up to and including 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed a...
Concretecms Concrete Cms
5.4
CVSSv3
CVE-2023-28471
Concrete CMS (previously concrete5) in versions 9.0 up to and including 9.1.3 is vulnerable to Stored XSS via a container name.
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2023-28475
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 up to and including 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
Concretecms Concrete Cms
5.3
CVSSv3
CVE-2023-28821
Concrete CMS (previously concrete5) prior to 9.1 did not have a rate limit for password resets.
Concretecms Concrete Cms
7.5
CVSSv3
CVE-2021-22951
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the f...
Concretecms Concrete Cms
8.8
CVSSv3
CVE-2021-22954
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an malicious user to make requests on behalf of other users.
Concretecms Concrete Cms
1 Github repository
7.5
CVSSv3
CVE-2021-22967
In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message i...
Concretecms Concrete Cms
7.2
CVSSv3
CVE-2021-22968
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensio...
Concretecms Concrete Cms
1 Github repository
4.3
CVSSv3
CVE-2023-48652
Concrete CMS 9 prior to 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.
Concretecms Concrete Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »