Vulnerabilidades en Concrete CMS
74 resultadosCVE-2026-8411LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/deleteEPSS 0.1%CVE-2026-8416LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)EPSS 0.1%CVE-2026-8412LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cacheEPSS 0.1%CVE-2026-8427LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)EPSS 0.1%CVE-2026-8434LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()EPSS 0.1%CVE-2026-8432LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()EPSS 0.1%CVE-2026-8414LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicateEPSS 0.1%CVE-2026-8413LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/designEPSS 0.1%CVE-2026-8417HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controllerEPSS 0.1%CVE-2026-8203HIGHConcrete CMS 9.5.0 and below has Stored XSS on the height parameterEPSS 0.1%CVE-2026-8140HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF on download() in the package install controllerEPSS 0.1%CVE-2026-7882LOWConcrete CMS 9.5.0 and below is vulnerable to CSRF via the DeleteFile controllerEPSS 0.1%CVE-2026-8435LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion()EPSS 0.1%CVE-2026-8340LOWConcrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersionEPSS 0.1%