Vulnerabilities > Concretecms > Concrete CMS > 9.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-09 | CVE-2024-1247 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. | 4.8 |
| 2023-12-25 | CVE-2023-48652 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. | 4.3 |