Filter
-Infinity
0
Trending
Software
Concrete5Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict compar…
6.3
First published (updated )
Concrete5Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose se…
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Concrete5Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new sess…
5.4
First published (updated )
composer/concrete5/concrete5In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteC…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/concrete5/concrete5Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature
4.8
EPSS
0.04%
First published (updated )
ConcreteCMSConcreteCMS List Block cross site scripting
5.1
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS Feature Link Block save cross site scripting
5.1
EPSS
0.03%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
ConcreteCMSConcreteCMS Switch Language Block cross site scripting
5.1
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS Page Attribute Display Block cross site scripting
5.1
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS FAQ Block save cross site scripting
5.1
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS Accordion Block save cross site scripting
5.1
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS Content Block save cross site scripting
5.1
EPSS
0.03%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
ConcreteCMSConcreteCMS HTML Block save HTML injection
3.5
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS Feature Block save cross site scripting
5.1
EPSS
0.03%
First published (updated )
ConcreteCMSConcreteCMS Legacy Form Block addEditQuestion cross site scripting
5.1
EPSS
0.03%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/concrete5/concrete5Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
5.3
First published (updated )
composer/concrete5/concrete5Concrete CMS Stored XSS in Image Editor Background Color
5.1
EPSS
0.05%
First published (updated )
composer/concrete5/concrete5Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer
5.1
First published (updated )
composer/concrete5/concrete5Stored XSS in Generate Board Name Input Field
4.8
First published (updated )
composer/concrete5/concrete5Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature
5.4
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.