Vulnerabilities > Concretecms > Concrete CMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-17 CVE-2023-48649 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
network
low complexity
concretecms CWE-79
5.4
2023-10-23 CVE-2023-44760 Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.
network
low complexity
concretecms CWE-79
4.8
2023-10-10 CVE-2023-44763 Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS 9.2.1
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS).
network
low complexity
concretecms CWE-434
5.4
2023-10-06 CVE-2023-44761 Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
network
low complexity
concretecms CWE-79
5.4
2023-10-06 CVE-2023-44762 Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
network
low complexity
concretecms CWE-79
5.4
2023-10-06 CVE-2023-44764 Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
network
low complexity
concretecms CWE-79
5.4
2023-10-06 CVE-2023-44765 Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
network
low complexity
concretecms CWE-79
5.4
2023-10-06 CVE-2023-44766 Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.
network
low complexity
concretecms CWE-79
4.8
2023-04-28 CVE-2023-28471 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
network
low complexity
concretecms CWE-79
5.4
2023-04-28 CVE-2023-28472 Unspecified vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
network
low complexity
concretecms
5.3