CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2972 – ConcreteCMS Page Attribute Display Block cross site scripting
https://notcve.org/view.php?id=CVE-2025-2972
31 Mar 2025 — A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc10.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2971 – ConcreteCMS List Block cross site scripting
https://notcve.org/view.php?id=CVE-2025-2971
31 Mar 2025 — A vulnerability classified as problematic was found in ConcreteCMS up to 9.3.9. Affected by this vulnerability is an unknown functionality of the component List Block Handler. The manipulation of the argument Name/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc9.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2970 – ConcreteCMS Switch Language Block cross site scripting
https://notcve.org/view.php?id=CVE-2025-2970
31 Mar 2025 — A vulnerability classified as problematic has been found in ConcreteCMS up to 9.3.9. Affected is an unknown function of the component Switch Language Block Handler. The manipulation of the argument Label leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc8.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2969 – ConcreteCMS Feature Link Block save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2969
31 Mar 2025 — A vulnerability was found in ConcreteCMS up to 9.3.9. It has been rated as problematic. This issue affects the function Save of the component Feature Link Block Handler. The manipulation of the argument Title/Body Source/Button Text leads to cross site scripting. The attack may be initiated remotely. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc7.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2968 – ConcreteCMS Feature Block save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2968
31 Mar 2025 — A vulnerability was found in ConcreteCMS up to 9.3.9. It has been declared as problematic. This vulnerability affects the function Save of the component Feature Block Handler. The manipulation of the argument Paragraph Source leads to cross site scripting. The attack can be initiated remotely. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc6.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2967 – ConcreteCMS HTML Block save HTML injection
https://notcve.org/view.php?id=CVE-2025-2967
31 Mar 2025 — A vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54808
https://notcve.org/view.php?id=CVE-2024-54808
31 Mar 2025 — The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. • https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#808 •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2966 – ConcreteCMS Content Block save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2966
30 Mar 2025 — A vulnerability was found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this issue is the function Save of the component Content Block Handler. The manipulation of the argument Source leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc4.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2965 – ConcreteCMS Accordion Block save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2965
30 Mar 2025 — A vulnerability has been found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this vulnerability is the function Save of the component Accordion Block Handler. The manipulation of the argument Title/Body Source leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-2964 – ConcreteCMS FAQ Block save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2964
30 Mar 2025 — A vulnerability, which was classified as problematic, was found in ConcreteCMS up to 9.3.9. Affected is the function Save of the component FAQ Block Handler. The manipulation of the argument Navigation/Title Text/Description Source leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •