Concrete CMS Vulnerabilities

74 results
CVE-2024-1247 [LOW] Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field (EPSS 1.2%)
CVE-2026-8134 [CRITICAL] Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion (EPSS 0.7%)
CVE-2011-3183 A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. (EPSS 0.7%)
CVE-2026-3452 [HIGH] Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block. (EPSS 0.6%)
CVE-2024-8291 [MEDIUM] Concrete CMS Stored XSS in Image Editor Background Color (EPSS 0.5%)
CVE-2026-8135 [HIGH] Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller. (EPSS 0.5%)
CVE-2024-4350 [MEDIUM] Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer (EPSS 0.5%)
CVE-2024-1246 [LOW] Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature (EPSS 0.5%)
CVE-2024-7398 [MEDIUM] Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature (EPSS 0.4%)
CVE-2025-8573 [LOW] Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page (EPSS 0.4%)
CVE-2024-8661 [MEDIUM] Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block (EPSS 0.4%)
CVE-2024-7394 [MEDIUM] Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName() (EPSS 0.4%)
CVE-2024-1245 [LOW] Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes (EPSS 0.4%)
CVE-2024-7512 [MEDIUM] Concrete CMS Stored XSS in Board instances (EPSS 0.4%)
CVE-2024-2753 [LOW] Concrete CMS version 9 below 9.2.8 and below 8.5.16 is vulnerable to stored XSS on the calendar color settings screen (EPSS 0.4%)
CVE-2024-3180 [LOW] Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file (EPSS 0.4%)
CVE-2024-3181 [LOW] Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. (EPSS 0.4%)
CVE-2024-3178 [LOW] Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter (EPSS 0.4%)
CVE-2024-3179 [LOW] Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page (EPSS 0.4%)
CVE-2024-2179 [LOW] Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type (EPSS 0.3%)