Vulnerabilities > Concretecms > Concrete CMS > 9.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-30117 | Path Traversal vulnerability in Concretecms Concrete CMS Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. | 6.4 |
| 2022-06-24 | CVE-2022-30118 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. | 4.3 |
| 2022-06-24 | CVE-2022-30119 | Cross-site Scripting vulnerability in Concretecms Concrete CMS XSS in /dashboard/reports/logs/view - old browsers only. | 4.3 |
| 2022-06-24 | CVE-2022-30120 | Cross-site Scripting vulnerability in Concretecms Concrete CMS XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. | 4.3 |