concrete5/concrete5 Security Advisories for 8.5.x-dev (20)
- [LOW] Concrete CMS Stored Cross-site Scripting vulnerability
PKSA-xz8s-kt9m-78kn CVE-2024-2179 GHSA-4m7h-34xm-4wjv
Affected version: <9.2.7
Reported by: GitHub
- [MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF)
PKSA-cqc1-1kdn-st4p CVE-2023-48652 GHSA-qp42-5pj7-4ccm
Affected version: <9.2.3
Reported by: GitHub
- [MEDIUM] Concrete CMS Cross-site Scripting vulnerability
PKSA-pnzc-59z2-f5y3 CVE-2023-44760 GHSA-4qv6-37xq-mgq2
Affected version: <=9.2.1
Reported by: GitHub
- [MEDIUM] ConcreteCMS vulnerable to Stored Cross-site Scripting
PKSA-h43h-5y8z-wmzt CVE-2023-44763 GHSA-wrp2-6v6j-hfmg
Affected version: <=9.2.1
Reported by: GitHub
- [MEDIUM] ConcreteCMS Cross-site Scripting vulnerability
PKSA-xzkr-c5rd-bz1y CVE-2023-44766 GHSA-437p-jfm4-2387
Affected version: <=9.2.1
Reported by: GitHub
- [MEDIUM] ConcreteCMS Cross-site Scripting vulnerability
PKSA-g67y-rdnw-pmf6 CVE-2023-44765 GHSA-6xx7-r8x4-fpjp
Affected version: <=9.2.1
Reported by: GitHub
- [MEDIUM] ConcreteCMS Cross-site Scripting vulnerability
PKSA-ppc5-9x8h-722z CVE-2023-44764 GHSA-j6h5-ggv2-3rfv
Affected version: <=9.2.1
Reported by: GitHub
- [MEDIUM] ConcreteCMS Cross-site Scripting vulnerability
PKSA-4cr9-fm17-v4c8 CVE-2023-44762 GHSA-6fm3-r6mf-j875
Affected version: <=9.2.1
Reported by: GitHub
- [MEDIUM] ConcreteCMS Cross-site Scripting vulnerability
PKSA-fmjx-j9wj-jxxq CVE-2023-44761 GHSA-p4jj-gwpg-9jwh
Affected version: <=9.2.1
Reported by: GitHub
- [LOW] Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
PKSA-yfdn-spkq-2jww CVE-2023-28819 GHSA-474f-mcjv-pgrm
Affected version: <9.1.0
Reported by: GitHub
- [MEDIUM] Missing rate limit for password resets
PKSA-1mgj-tr57-r1f7 CVE-2023-28821 GHSA-ph6g-6v8w-8p6m
Affected version: <9.1.0
Reported by: GitHub
- [LOW] Stored cross site scripting in RSS displayer
PKSA-fq2t-qgfc-g81r CVE-2023-28820 GHSA-fgxj-g7x3-85cq
Affected version: <9.1.0
Reported by: GitHub
- [MEDIUM] Stored cross site scripting on API integration
PKSA-1pbc-g2d5-65zk CVE-2023-28477 GHSA-xfmj-r86m-j2hr
Affected version: <9.2.0
Reported by: GitHub
- [MEDIUM] Stored cross site scripting on tags
PKSA-95sr-pv8t-5nw1 CVE-2023-28476 GHSA-2ggc-552c-rmqr
Affected version: <9.2.0
Reported by: GitHub
- [MEDIUM] Reflected cross site scripting
PKSA-8wxq-b9zg-qp74 CVE-2023-28475 GHSA-vcpr-hm2m-gjjj
Affected version: <9.2.0
Reported by: GitHub
- [MEDIUM] Stored cross site scripting on saved presets
PKSA-nktg-qth3-gfbd CVE-2023-28474 GHSA-2j26-j953-2rph
Affected version: <9.2.0
Reported by: GitHub
- [CRITICAL] Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
PKSA-mr3p-nks7-1tws CVE-2023-28473 GHSA-pj76-75cm-3552
Affected version: <9.2.0
Reported by: GitHub
- [MEDIUM] Concrete CMS missing secure cookie parameters
PKSA-wd8t-n9z8-rhbr CVE-2023-28472 GHSA-f55r-8rcv-mqcf
Affected version: <9.2.0
Reported by: GitHub
- [MEDIUM] Stored cross site scripting via container name
PKSA-pt47-fxhg-84sd CVE-2023-28471 GHSA-9h33-5fxw-r2xv
Affected version: <9.2.0
Reported by: GitHub
- [HIGH] Cross Site Request Forgery in concrete5/concrete5
PKSA-xh9p-14ms-v6qh CVE-2021-22954 GHSA-gr23-g276-xc73
Affected version: <9.0.0
Reported by: GitHub