NotCVE - vendor:"Concrete CMS" product:"Concrete CMS" version:" >= 5.0.0

Page 11 of 78 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-40105

https://notcve.org/view.php?id=CVE-2021-40105

An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. Se ha detectado un problema en Concrete CMS versiones hasta 8.5.5. Se presenta una vulnerabilidad de tipo XSS por medio de Comentarios Markdown • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-40104

https://notcve.org/view.php?id=CVE-2021-40104

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. Se ha detectado un problema en Concrete CMS versiones hasta 8.5.5. Hay una omisión de SVG sanitizer • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102088 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-40103

https://notcve.org/view.php?id=CVE-2021-40103

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. Se ha detectado un problema en Concrete CMS versiones hasta 8.5.5. Un Salto de Ruta puede conllevar a una lectura de archivos arbitrarios y un ataque de tipo SSRF • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-40098

https://notcve.org/view.php?id=CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. Se ha detectado un problema en Concrete CMS versiones hasta 8.5.5. Un Salto de Ruta conlleva a RCE por medio de una forma externa al añadir una expresión regular • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102080 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-40097

https://notcve.org/view.php?id=CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. Se ha detectado un problema en Concrete CMS versiones hasta 8.5.5. Un salto de ruta autenticado conlleva a una ejecución de código remota por medio de código PHP cargado, relacionado con el parámetro bFilename • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102067 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1...9 10 11 12 13