Concrete CMS Exposure

CMS
Exposure score: 106
Sites using it: 4222
Under exploitation: 0
Critical: 1

CVEs

74 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2026-3244 | MEDIUM | Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names | 0.2% |
| CVE-2026-8337 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys | 0.2% |
| CVE-2026-8327 | MEDIUM | Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. | 0.2% |
| CVE-2026-8197 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name | 0.2% |
| CVE-2026-7888 | HIGH | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. | 0.2% |
| CVE-2026-8347 | LOW | Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog | 0.2% |
| CVE-2026-7887 | LOW | For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status | 0.2% |
| CVE-2026-8421 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCE | 0.2% |
| CVE-2026-8426 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwrite | 0.2% |
| CVE-2025-3153 | MEDIUM | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute | 0.2% |
| CVE-2026-7890 | LOW | Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block | 0.2% |
| CVE-2026-8139 | LOW | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName | 0.1% |
| CVE-2026-8353 | LOW | Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in atomik theme | 0.1% |
| CVE-2026-8410 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete | 0.1% |
| CVE-2026-8409 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete | 0.1% |
| CVE-2026-10721 | HIGH | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Permission, Cache, and Search components | 0.1% |
| CVE-2026-8245 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection | 0.1% |
| CVE-2026-8428 | HIGH | CSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and below | 0.1% |
| CVE-2026-8427 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id) | 0.1% |
| CVE-2026-8411 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete | 0.1% |
