Latest medium severity vulnerabilities for vendor "concretecms"

composer/concrete5/concrete5Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature

medium

5.4

EPSS

0.04%

First published (updated )

CVE-2024-7398

composer/concrete5/concrete5Concrete CMS Stored XSS in Image Editor Background Color

medium

4.8

EPSS

0.05%

First published (updated )

CVE-2024-8291

composer/concrete5/concrete5Stored XSS in the "Top Navigator Bar" block

medium

4.8

EPSS

0.04%

First published (updated )

CVE-2024-8660

composer/concrete5/concrete5Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer

medium

4.8

First published (updated )

CVE-2024-4350

composer/concrete5/concrete5Concrete CMS Stored XSS in Board instances

medium

4.8

EPSS

0.04%

First published (updated )

CVE-2024-7512

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

composer/concrete5/concrete5Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

medium

4.8

EPSS

0.05%

First published (updated )

CVE-2024-7394

composer/concrete5/concrete5Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

medium

4.8

First published (updated )

CVE-2024-1245

composer/concrete5/concrete5Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature

medium

4.8

EPSS

0.04%

First published (updated )

CVE-2024-1246

composer/concrete5/concrete5Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field

medium

4.8

EPSS

0.04%

First published (updated )

CVE-2024-1247

Concretecms Concrete CmsCSRF

medium

4.3

First published (updated )

CVE-2023-48652

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-48649

composer/concrete5/concrete5XSS

medium

5.4

First published (updated )

CVE-2023-44760

Concretecms Concrete CmsXSS, Malicious File Upload

medium

5.4

First published (updated )

CVE-2023-44763

composer/concrete5/concrete5XSS

medium

5.4

EPSS

0.04%

First published (updated )

CVE-2023-44764

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-44766

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-44761

composer/concrete5/concrete5XSS

medium

5.4

First published (updated )

CVE-2023-44762

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-44765

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-28476

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2023-28475

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-28474

Concretecms Concrete CmsConcrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for…

medium

5.3

First published (updated )

CVE-2023-28472

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-28471

Concretecms Concrete CmsXSS

medium

5.5

First published (updated )

CVE-2023-28477

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-28819

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2023-28820

Concretecms Concrete CmsConcrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

medium

5.3

First published (updated )

CVE-2023-28821

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-43556

Concretecms Concrete CmsXSS

medium

4.8

First published (updated )

CVE-2022-43688

Concretecms Concrete CmsXEE

medium

5.3

First published (updated )

CVE-2022-43689

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict compar…

medium

6.3

First published (updated )

CVE-2022-43690

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-43967

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-43968

Concretecms Concrete CmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose se…

medium

5.3

First published (updated )

CVE-2022-43691

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-43694

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new sess…

medium

5.4

First published (updated )

CVE-2022-43687

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-43692

Concretecms Concrete CmsXSS

medium

4.8

First published (updated )

CVE-2022-43695

Concretecms Concrete CmsIn Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteC…

medium

6.5

First published (updated )

CVE-2022-43686

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-30118

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-30120

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2022-30119

Concretecms Concrete CmsCVE-2021-22969

First published (updated )

CVE-2021-22969

Concretecms Concrete CmsSSRF

medium

6.4

First published (updated )

CVE-2021-40109

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2021-40106

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Concretecms Concrete CmsXSS

medium

6.1

First published (updated )

CVE-2021-40105

Concretecms Concrete CmsXSS

medium

5.4

First published (updated )

CVE-2021-40100

Concretecms Concrete CmsCSRF

medium

5.8

First published (updated )

CVE-2021-22953

Concretecms Concrete CmsCSRF

medium

6.5

First published (updated )

CVE-2021-22950

Concretecms Concrete CmsCSRF

medium

5.8

First published (updated )

CVE-2021-22949

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Software

composer/concrete5/concrete5Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature

composer/concrete5/concrete5Concrete CMS Stored XSS in Image Editor Background Color

composer/concrete5/concrete5Stored XSS in the "Top Navigator Bar" block

composer/concrete5/concrete5Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer

composer/concrete5/concrete5Concrete CMS Stored XSS in Board instances

Never miss a vulnerability like this again

composer/concrete5/concrete5Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

composer/concrete5/concrete5Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

composer/concrete5/concrete5Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature

composer/concrete5/concrete5Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field

Concretecms Concrete CmsCSRF

Never miss a vulnerability like this again

Concretecms Concrete CmsXSS

composer/concrete5/concrete5XSS

Concretecms Concrete CmsXSS, Malicious File Upload

composer/concrete5/concrete5XSS

Concretecms Concrete CmsXSS

Never miss a vulnerability like this again

Concretecms Concrete CmsXSS

composer/concrete5/concrete5XSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Never miss a vulnerability like this again

Concretecms Concrete CmsXSS

Concretecms Concrete CmsConcrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for…

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Never miss a vulnerability like this again

Concretecms Concrete CmsXSS

Concretecms Concrete CmsConcrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXEE

Never miss a vulnerability like this again

Concretecms Concrete CmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict compar…

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose se…

Concretecms Concrete CmsXSS

Never miss a vulnerability like this again

Concretecms Concrete CmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new sess…

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsIn Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteC…

Concretecms Concrete CmsXSS

Never miss a vulnerability like this again

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsCVE-2021-22969

Concretecms Concrete CmsSSRF

Concretecms Concrete CmsXSS

Never miss a vulnerability like this again

Concretecms Concrete CmsXSS

Concretecms Concrete CmsXSS

Concretecms Concrete CmsCSRF

Concretecms Concrete CmsCSRF

Concretecms Concrete CmsCSRF

Never miss a vulnerability like this again

Company

Resources

Contact