ConcreteCMS vulnerable to Xpath injection attacks

CVE-2022-46464

Affected version: <=9.1.3

Reported by:
GitHub

Cross Site Request Forgery in concrete5/concrete5

CVE-2021-22954

Affected version: <9.0.0

Reported by:
GitHub