Vulnerabilities > Concretecms > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2023-11-17 | CVE-2023-48649 | Cross-site Scripting vulnerability in Concretecms Concrete CMS | 5.4
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
network | low complexity | concretecms | CWE-79

2023-10-23 | CVE-2023-44760 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 | 4.8
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.
network | low complexity | concretecms | CWE-79

2023-10-10 | CVE-2023-44763 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS 9.2.1 | 5.4
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS).
network | low complexity | concretecms | CWE-434

2023-10-06 | CVE-2023-44761 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 | 5.4
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
network | low complexity | concretecms | CWE-79

2023-10-06 | CVE-2023-44762 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 | 5.4
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
network | low complexity | concretecms | CWE-79

2023-10-06 | CVE-2023-44764 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 | 5.4
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
network | low complexity | concretecms | CWE-79

2023-10-06 | CVE-2023-44765 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 | 5.4
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
network | low complexity | concretecms | CWE-79

2023-10-06 | CVE-2023-44766 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 | 4.8
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.
network | low complexity | concretecms | CWE-79

2023-04-28 | CVE-2023-28471 | Cross-site Scripting vulnerability in Concretecms Concrete CMS | 5.4
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
network | low complexity | concretecms | CWE-79

2023-04-28 | CVE-2023-28472 | Unspecified vulnerability in Concretecms Concrete CMS | 5.3
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 do not have Secure and HTTP only attributes set for ccmPoll cookies.
network | low complexity | concretecms