Vulnerabilities > Concretecms > Concrete CMS > 8.5.17

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-7398 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output.
network
low complexity
concretecms CWE-79
5.4
2024-09-16 CVE-2024-8661 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block.
network
low complexity
concretecms CWE-79
4.8
2024-08-12 CVE-2024-4350 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses.
network
low complexity
concretecms CWE-79
4.8
2024-08-08 CVE-2024-7394 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName().
network
low complexity
concretecms CWE-79
4.8
2023-04-28 CVE-2023-28471 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
network
low complexity
concretecms CWE-79
5.4
2023-04-28 CVE-2023-28472 Unspecified vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
network
low complexity
concretecms
5.3
2023-04-28 CVE-2023-28473 Improper Authentication vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
network
high complexity
concretecms CWE-287
3.3
2023-04-28 CVE-2023-28474 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.
network
low complexity
concretecms CWE-79
5.4
2023-04-28 CVE-2023-28475 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
network
low complexity
concretecms CWE-79
6.1
2023-04-28 CVE-2023-28476 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.
network
low complexity
concretecms CWE-79
5.4