Vulnerabilities > Concretecms

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-14	CVE-2011-3183	Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.4.1.1 A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. network concretecms CWE-79	4.3
2019-06-17	CVE-2018-19146	Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.4.3 Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. network concretecms CWE-79	3.5
2018-07-09	CVE-2018-13790	Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS 8.2.0 A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. network low complexity concretecms CWE-918	6.5
2018-02-26	CVE-2017-18195	Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. network low complexity concretecms	5.0
2017-09-07	CVE-2015-4724	SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1 SQL injection vulnerability in Concrete5 5.7.3.1. network low complexity concretecms CWE-89	6.5
2017-09-07	CVE-2015-4721	Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.7.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. network concretecms CWE-79	4.3
2017-04-24	CVE-2017-8082	Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. network concretecms CWE-352	4.3
2017-04-13	CVE-2017-7725	Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. network concretecms CWE-79	4.3
2015-01-05	CVE-2014-9526	Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php. network concrete5 concretecms CWE-79	4.3
2014-07-28	CVE-2014-5108	Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file. network concrete5 concretecms CWE-79	4.3

Vulnerabilities > Concretecms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Concretecms"}]}

Vulnerabilities > Concretecms