Filtered by vendor Concretecms
Subscribe
Search
Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28471 | 1 Concretecms | 1 Concrete Cms | 2024-01-09 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. | |||||
| CVE-2023-28476 | 1 Concretecms | 1 Concrete Cms | 2024-01-09 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | |||||
| CVE-2023-28474 | 1 Concretecms | 1 Concrete Cms | 2024-01-09 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. | |||||
| CVE-2023-48652 | 1 Concretecms | 1 Concrete Cms | 2023-12-29 | N/A | 4.3 MEDIUM |
| Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated. | |||||
| CVE-2023-44766 | 1 Concretecms | 1 Concrete Cms | 2023-12-21 | N/A | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | |||||
| CVE-2023-44765 | 1 Concretecms | 1 Concrete Cms | 2023-12-07 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | |||||
| CVE-2023-44761 | 1 Concretecms | 1 Concrete Cms | 2023-12-07 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | |||||
| CVE-2023-28475 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 6.1 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | |||||
| CVE-2023-28477 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | |||||
| CVE-2023-28819 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. | |||||
| CVE-2023-28472 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.3 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | |||||
| CVE-2023-48649 | 1 Concretecms | 1 Concrete Cms | 2023-11-22 | N/A | 5.4 MEDIUM |
| Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name. | |||||
| CVE-2023-44762 | 1 Concretecms | 1 Concrete Cms | 2023-11-17 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | |||||
| CVE-2023-44760 | 1 Concretecms | 1 Concrete Cms | 2023-11-15 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly. | |||||
| CVE-2022-43695 | 1 Concretecms | 1 Concrete Cms | 2023-08-08 | N/A | 4.8 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-43690 | 1 Concretecms | 1 Concrete Cms | 2023-08-08 | N/A | 6.3 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-43686 | 1 Concretecms | 1 Concrete Cms | 2023-08-08 | N/A | 6.5 MEDIUM |
| In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). | |||||
| CVE-2022-30120 | 1 Concretecms | 1 Concrete Cms | 2022-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting | |||||
| CVE-2022-30119 | 1 Concretecms | 1 Concrete Cms | 2022-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | |||||
| CVE-2022-30118 | 1 Concretecms | 1 Concrete Cms | 2022-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | |||||
| CVE-2021-22969 | 1 Concretecms | 1 Concrete Cms | 2021-11-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0 | |||||
| CVE-2021-28145 | 1 Concretecms | 1 Concrete Cms | 2021-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | |||||
| CVE-2017-18195 | 1 Concretecms | 1 Concrete Cms | 2021-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. | |||||
| CVE-2020-14961 | 1 Concretecms | 1 Concrete Cms | 2021-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | |||||
| CVE-2021-22949 | 1 Concretecms | 1 Concrete Cms | 2021-10-19 | 5.8 MEDIUM | 5.4 MEDIUM |
| A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" | |||||
| CVE-2021-22953 | 1 Concretecms | 1 Concrete Cms | 2021-10-19 | 5.8 MEDIUM | 5.4 MEDIUM |
| A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team" | |||||
| CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | |||||
| CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | |||||
| CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | |||||
| CVE-2021-22950 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" | |||||
| CVE-2021-40109 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 5.5 MEDIUM | 6.4 MEDIUM |
| A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. | |||||
| CVE-2021-3111 | 1 Concretecms | 1 Concrete Cms | 2021-07-22 | 3.5 LOW | 4.8 MEDIUM |
| The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. | |||||