Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Concrete_cms
(Concretecms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 99 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-28 | CVE-2023-28473 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. | Concrete_cms | 3.3 | ||
| 2023-04-28 | CVE-2023-28474 | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. | Concrete_cms | 5.4 | ||
| 2023-04-28 | CVE-2023-28475 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | Concrete_cms | 6.1 | ||
| 2023-04-28 | CVE-2023-28476 | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | Concrete_cms | 5.4 | ||
| 2023-04-28 | CVE-2023-28477 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | Concrete_cms | 5.4 | ||
| 2023-04-28 | CVE-2023-28819 | Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. | Concrete_cms | 5.4 | ||
| 2023-04-28 | CVE-2023-28820 | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | Concrete_cms | 5.4 | ||
| 2023-04-28 | CVE-2023-28821 | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | Concrete_cms | 5.3 | ||
| 2023-10-06 | CVE-2023-44761 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | Concrete_cms | 5.4 | ||
| 2023-10-06 | CVE-2023-44762 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | Concrete_cms | 5.4 |