NotCVE - vendor:"Concrete CMS" product:"Concrete CMS" version:" >= 9.0.0

Page 5 of 53 results (0.002 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-44761

https://notcve.org/view.php?id=CVE-2023-44761

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. Múltiples vulnerabilidades de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permiten a un atacante local ejecutar código arbitrario a través de un script manipulado en los formularios de los objetos de datos. • https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-44764

https://notcve.org/view.php?id=CVE-2023-44764

A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar código arbitrario a través de un script manipulado en el parámetro SITE desde la instalación o en la Configuración. • https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-44765

https://notcve.org/view.php?id=CVE-2023-44765

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar código arbitrario a través de un script manipulado para Plural Handle de los objetos de datos desde System & Settings. • https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-44766

https://notcve.org/view.php?id=CVE-2023-44766

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar código arbitrario a través de un script manipulado para SEO - Extra desde Configuración de página. • https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-44762

https://notcve.org/view.php?id=CVE-2023-44762

A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar código arbitrario a través de un script manipulado en Tags desde Settings - Tags. • https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...3 4 5 6 7