Vulnerabilities > Concretecms > Concrete CMS > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2023-28473 | Improper Authentication vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. | 3.3 |
| 2021-09-24 | CVE-2021-40100 | Cross-site Scripting vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 3.5 |
| 2021-03-18 | CVE-2021-28145 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. | 3.5 |
| 2021-01-08 | CVE-2021-3111 | Cross-site Scripting vulnerability in Concretecms Concrete CMS The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. | 3.5 |
| 2019-06-17 | CVE-2018-19146 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.4.3 Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | 3.5 |