CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102088

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102080 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes • https://hackerone.com/reports/1102067 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')