CRITICAL 9.8 CVE-2022-50807 Concrete5 CMS contains an XPath injection vulnerability
CRITICAL 9.8 CVE-2023-28473 Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
from 0, < 9.2.0
HIGH 8.8 CVE-2022-43693 Concrete CMS vulnerable to Cross-site Request Forgery
from 0, < 8.5.10
HIGH 8.2 Server-Side Request Forgery vulnerability in concrete5
from 0, < 8.5.5
HIGH 7.2 Unrestricted Uploads in Concrete5
from 0, < 8.5.3
MEDIUM 6.5 ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
from 0, <= 9.4.7
MEDIUM 6.5 Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS
from 0, < 8.5.10
MEDIUM 6.3 Concrete CMS vulnerable to Improper Authentication
from 0, < 8.5.10
MEDIUM 6.1 Reflected cross site scripting
from 0, < 9.2.0
MEDIUM 6.1 Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library
from 0, < 8.5.10
MEDIUM 6.1 Concrete CMS vulnerable to Reflected Cross-site Scripting
from 0, < 8.5.10
MEDIUM 6.1 Concrete CMS vulnerable to Cross-site Scripting via multilingual report
from 0, < 8.5.10
MEDIUM 6.1 Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons
from 0, < 8.5.10
MEDIUM 6.1 Concrete CMS vulnerable to cross-site scripting (XSS)
from 0, <= 8.1.0
MEDIUM 5.5 Stored cross site scripting on API integration
from 0, < 9.2.0
MEDIUM 5.4 Cross site scripting in Concrete CMS
>= 9.0.0, < 9.3.4
MEDIUM 5.4 Concrete CMS Cross-site Scripting vulnerability
from 0, <= 9.2.1
MEDIUM 5.4 ConcreteCMS vulnerable to Stored Cross-site Scripting
from 0, <= 9.2.1
MEDIUM 5.4 ConcreteCMS Cross-site Scripting vulnerability
from 0, <= 9.2.1
MEDIUM 5.4 ConcreteCMS Cross-site Scripting vulnerability
from 0, <= 9.2.1
MEDIUM 5.4 ConcreteCMS Cross-site Scripting vulnerability
from 0, < 9.2.2
MEDIUM 5.4 ConcreteCMS Cross-site Scripting vulnerability
from 0, < 9.2.2
MEDIUM 5.4 ConcreteCMS Cross-site Scripting vulnerability
from 0, <= 9.2.1
MEDIUM 5.4 Stored cross site scripting via container name
from 0, < 9.2.0
MEDIUM 5.4 Stored cross site scripting on tags
from 0, < 9.2.0
MEDIUM 5.4 Stored cross site scripting on saved presets
from 0, < 9.2.0
MEDIUM 5.4 Concrete CMS vulnerable to Session Fixation
from 0, < 8.5.10
MEDIUM 5.4 Concrete CMS Cross-site Scripting via Survey Blocks
from 0, < 8.5.5
MEDIUM 5.3 Missing rate limit for password resets
from 0, < 9.1.0
MEDIUM 5.3 Concrete CMS missing secure cookie parameters
from 0, < 9.2.0
MEDIUM 5.3 Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
from 0, < 8.5.10
MEDIUM 5.3 Concrete CMS vulnerable to XML External Entity
from 0, < 8.5.10
MEDIUM 5.3 Unrestricted Uploads in Concrete5
from 0, < 8.5.3
MEDIUM 4.8 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
from 0, < 9.4.8
MEDIUM 4.8 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
from 0, < 9.4.8
MEDIUM 4.8 Cross site scripting in Concrete CMS
>= 9.0.0, < 9.3.4
MEDIUM 4.8 Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
>= 9.0.0, < 9.3.3
MEDIUM 4.8 Concrete CMS Stored XSS in Layout Preset Name
from 0, < 8.5.14
MEDIUM 4.8 Concrete CMS Cross-site Scripting vulnerability
from 0, < 8.5.10
MEDIUM 4.8 Concrete CMS vulnerable to Cross-site Scripting
from 0, < 8.5.10
MEDIUM 4.3 Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
from 0, < 8.5.14
MEDIUM 4.3 Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
>= 9.0.0, < 9.2.3
MEDIUM 4.3 Concrete CMS Cross Site Request Forgery (CSRF)
from 0, < 9.2.3
MEDIUM 4.2 Concrete CMS vulnerable to cross-site scripting in the text input field
from 0, < 8.5.10
LOW 3.5 ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field
from 0, <= 9.3.9
LOW 3.5 Concrete CMS Cross-site Scripting vulnerability
from 0, < 8.5.13
LOW 3.5 Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
from 0, < 9.1.0
LOW 3.1 Concrete CMS vulnerable to Stored Cross-site Scripting
>= 9.0.0, <= 9.3.2
LOW 3.1 Concrete CMS Stored XSS in the Custom Class page editing
>= 9.0.0RC1, < 9.2.8
LOW 3.1 Concrete CMS Stored XSS in the Search Field
>= 9.0.0RC1, < 9.2.8
LOW 3.1 Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
>= 9.0.0RC1, < 9.2.8
LOW 3.1 Concrete CMS Stored XSS in blocks of type file
>= 9.0.0RC1, < 9.2.8
LOW 3.0 Concrete CMS Stored Cross-site Scripting vulnerability
from 0, < 8.5.18
LOW 2.4 Concrete CMS Stored XSS in the "Next&Previous Nav" block
from 0, < 8.5.19
LOW 2.4 Concrete CMS Stored XSS
>= 9.0.0, < 9.2.3
LOW 2.4 Concrete CMS vulnerable to stored XSS in file tags and description attributes
>= 9.0.0RC1, < 9.2.5
LOW 2.2 Concrete CMS Stored Cross-site Scripting vulnerability
from 0, < 9.2.7
LOW 2.0 Concrete CMS vulnerable to Stored Cross-site Scripting
>= 9.0.0RC1, < 9.3.3
LOW 2.0 Concrete CMS Stored XSS in getAttributeSetName
from 0, < 8.5.18
LOW 2.0 Concrete CMS Stored XSS on the calendar color settings screen
>= 9.0.0RC1, < 9.2.8
LOW 2.0 Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
>= 9.0.0RC1, < 9.2.5
LOW 2.0 Concrete CMS vulnerable to stored XSS via the Role Name field
>= 9.0.0RC1, < 9.2.5
LOW 2.0 Stored cross site scripting in RSS displayer
from 0, < 9.1.0
— Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF)
from 0, < 9.4.8
— Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
from 0, < 9.4.8
— Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
from 0, < 9.4.8
— Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection
from 0, < 9.4.8
— Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page
>= 9.0.0RC1, < 9.4.3
— Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page
from 0, < 8.5.21
— Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
>= 9.0.0, < 9.4.0RC2
— Concrete CMS affected by a stored XSS in Folder Function. The "Add Folder" functionality
from 0, < 9.4.0RC1
— Concrete CMS allows unauthorized access because directories can be created with insecure permissions
from 0, < 8.5.13
— concrete5 vulnerable to Cross-site Scripting
from 0, < 5.7.4
— Concrete5 Vulnerable to Cross-Site Scripting (XSS)
>= 5.5.1, < 5.6.1
— Cross Site Request Forgery in concrete5/concrete5
from 0, < 9.0.0