
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102018 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102088

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')