Vulnerabilities > Concretecms > Concrete CMS > 8.5.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-7398 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. | 5.4 |
| 2024-09-16 | CVE-2024-8661 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. | 4.8 |
| 2024-08-12 | CVE-2024-4350 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. | 4.8 |
| 2024-08-08 | CVE-2024-7394 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). | 4.8 |
| 2023-04-28 | CVE-2023-28471 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. | 5.4 |
| 2023-04-28 | CVE-2023-28472 | Unspecified vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | 5.3 |
| 2023-04-28 | CVE-2023-28473 | Improper Authentication vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. | 3.3 |
| 2023-04-28 | CVE-2023-28474 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. | 5.4 |
| 2023-04-28 | CVE-2023-28475 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 6.1 |
| 2023-04-28 | CVE-2023-28476 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | 5.4 |