Page 6 of 55 results (0.008 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar código arbitrario a través de un script manipulado para Plural Handle de los objetos de datos desde System & Settings. • https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar código arbitrario a través de un script manipulado en el parámetro SITE desde la instalación o en la Configuración. • https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. • https://concretecms.com https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. • https://concretecms.com https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. • https://concretecms.com https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 •