Vulnerabilities > Concretecms

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22950 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"
network
low complexity
concretecms CWE-352
6.5
2021-09-23 CVE-2021-22953 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"
network
low complexity
concretecms CWE-352
5.4
2021-07-30 CVE-2021-36766 Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS
Concrete5 through 8.5.5 deserializes Untrusted Data.
network
low complexity
concretecms CWE-502
7.2
2021-03-18 CVE-2021-28145 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block.
network
low complexity
concretecms CWE-79
5.4
2021-01-08 CVE-2021-3111 Cross-site Scripting vulnerability in Concretecms Concrete CMS
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
network
low complexity
concretecms CWE-79
4.8
2020-09-04 CVE-2020-24986 Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager.
network
low complexity
concretecms CWE-434
7.2
2020-07-28 CVE-2020-11476 Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
network
low complexity
concretecms CWE-434
7.2
2020-06-22 CVE-2020-14961 Unspecified vulnerability in Concretecms Concrete CMS
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
network
low complexity
concretecms
5.3
2020-01-14 CVE-2011-3183 Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.4.1.1
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
network
low complexity
concretecms CWE-79
6.1
2019-06-17 CVE-2018-19146 Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.4.3
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
network
low complexity
concretecms CWE-79
4.8