Filtered by vendor Concretecms
Subscriptions
Filtered by product Concrete Cms
Subscriptions
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44763 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration. | ||||
| CVE-2023-44762 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | ||||
| CVE-2023-44761 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | ||||
| CVE-2023-44760 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly. | ||||
| CVE-2023-28819 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 Low |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. | ||||
| CVE-2023-28477 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.5 Medium |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | ||||
| CVE-2023-28476 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | ||||
| CVE-2023-28475 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | ||||
| CVE-2023-28472 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.3 Medium |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | ||||
| CVE-2022-43688 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
| CVE-2022-30120 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting | ||||
| CVE-2022-30119 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | ||||
| CVE-2022-30118 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | ||||
| CVE-2022-30117 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.1 Critical |
| Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting. | ||||
| CVE-2022-21829 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.8 Critical |
| Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520. | ||||
| CVE-2021-40109 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.4 Medium |
| A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. | ||||
| CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | ||||
| CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | ||||
| CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | ||||
| CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 High |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | ||||