Concrete CMS Exposure
Category: CMS
Exposure score: 106
Sites using it: 4,222
Under active exploitation: 0
Critical: 1
CVEs
74 results
CVE-2025-8571 | MEDIUM | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page | EPSS 0.3%
CVE-2026-8350 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group | EPSS 0.3%
CVE-2025-0660 | MEDIUM | Stored XSS in Folder Function by Rogue Admin | EPSS 0.3%
CVE-2026-7886 | LOW | Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter | EPSS 0.3%
CVE-2024-4353 | MEDIUM | Stored XSS in Generate Board Name Input Field | EPSS 0.3%
CVE-2024-8660 | MEDIUM | Stored XSS in the "Top Navigator Bar" block | EPSS 0.3%
CVE-2026-6826 | MEDIUM | Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller | EPSS 0.3%
CVE-2026-7879 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password() | EPSS 0.2%
CVE-2026-3240 | MEDIUM | Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form | EPSS 0.2%
CVE-2026-8205 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar | EPSS 0.2%
CVE-2026-8204 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog | EPSS 0.2%
CVE-2026-3241 | MEDIUM | Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block. | EPSS 0.2%
CVE-2026-2994 | LOW | Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group | EPSS 0.2%
CVE-2026-7881 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block | EPSS 0.2%
CVE-2026-8236 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate for endpoint /ccm/system/dialogs/file/usage/{fID} | EPSS 0.2%
CVE-2026-8237 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in the `/ccm/frontend/conversations/message_detail` endpoint | EPSS 0.2%
CVE-2026-8238 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated read of any conversation message | EPSS 0.2%
CVE-2026-3242 | MEDIUM | Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block | EPSS 0.2%
CVE-2026-8239 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating' | EPSS 0.2%
CVE-2026-8240 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate | EPSS 0.2%