Vulnerabilities > Concretecms > Concrete CMS > 9.1.3

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2023-28475 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
network
low complexity
concretecms CWE-79
6.1
6.1
2023-04-28 CVE-2023-28476 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.
network
low complexity
concretecms CWE-79
5.4
5.4
2023-04-28 CVE-2023-28477 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
network
low complexity
concretecms CWE-79
5.4
5.4