NotCVE - vendor:"Concrete CMS" product:"Concrete CMS" version:" >= 5.0.0

Page 14 of 78 results (0.007 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-11476

https://notcve.org/view.php?id=CVE-2020-11476

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Concrete5 versiones anteriores a 8.5.3, permite una Carga Sin Restricciones de Archivos con Tipos Peligrosos, como un archivo .phar • https://github.com/concrete5/concrete5/pull/8713 https://github.com/concrete5/concrete5/releases/tag/8.5.3 https://herolab.usd.de/security-advisories https://herolab.usd.de/security-advisories/usd-2020-0041 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-14961

https://notcve.org/view.php?id=CVE-2020-14961

Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Concrete5 versiones anteriores a 8.5.3, no restringe la dirección de clasificación a un valor asc o desc válido • https://github.com/concrete5/concrete5/pull/8651 https://github.com/concrete5/concrete5/releases/tag/8.5.3 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2011-3183

https://notcve.org/view.php?id=CVE-2011-3183

A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el parámetro rcID en Concrete CMS versión 5.4.1.1 y anteriores. • https://www.openwall.com/lists/oss-security/2011/08/22/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-19146

https://notcve.org/view.php?id=CVE-2018-19146

Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. Concrete5 versión 8.4.3, presenta una vulnerabilidad de tipo XSS porque el archivo config/concrete.php permite la carga (por administradores) de archivos SVG que pueden contener datos HTML con un elemento SCRIPT. • https://hackerone.com/concrete5?view_policy=true https://hackerone.com/reports/437863 https://www.concrete5.org https://www.w3.org/TR/SVG2/intro.html#W3CCompatibility • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-13790

https://notcve.org/view.php?id=CVE-2018-13790

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. Una vulnerabilidad de Server-Side Request Forgery (SSRF) en tools/files/importers/remote.php en concrete5 8.2.0 puede dar lugar a ataques en la red local, así como al mapeo de redes internas debido a la funcionalidad URL en la página File Manager. • https://hackerone.com/reports/243865 • CWE-918: Server-Side Request Forgery (SSRF) •

1...12 13 14 15 16