Vulnerabilities > Concretecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2021-36766 | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS Concrete5 through 8.5.5 deserializes Untrusted Data. | 7.2 |
| 2021-03-18 | CVE-2021-28145 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. | 5.4 |
| 2021-01-08 | CVE-2021-3111 | Cross-site Scripting vulnerability in Concretecms Concrete CMS The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. | 4.8 |
| 2020-09-04 | CVE-2020-24986 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. | 7.2 |
| 2020-07-28 | CVE-2020-11476 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 7.2 |
| 2020-06-22 | CVE-2020-14961 | Unspecified vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | 5.3 |
| 2020-01-14 | CVE-2011-3183 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.4.1.1 A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. | 6.1 |
| 2019-06-17 | CVE-2018-19146 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.4.3 Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | 4.8 |
| 2018-07-09 | CVE-2018-13790 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS 8.2.0 A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | 7.2 |
| 2018-02-26 | CVE-2017-18195 | Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. | 5.3 |