Filtered by vendor Concretecms
Subscriptions
Total
99 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-43692 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
CVE-2022-43691 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.3 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. | ||||
CVE-2022-43690 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.3 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
CVE-2022-43689 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.3 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | ||||
CVE-2022-43688 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
CVE-2022-43687 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
CVE-2022-43686 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.5 Medium |
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). | ||||
CVE-2022-43556 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. | ||||
CVE-2022-30120 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting | ||||
CVE-2022-30119 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | ||||
CVE-2022-30118 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | ||||
CVE-2022-30117 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.1 Critical |
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting. | ||||
CVE-2022-21829 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.8 Critical |
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520. | ||||
CVE-2021-40109 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.4 Medium |
A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. | ||||
CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | ||||
CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | ||||
CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | ||||
CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 High |
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | ||||
CVE-2021-40103 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 High |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | ||||
CVE-2021-40102 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.1 Critical |
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). |