Security Advisories - concrete5/concrete5

concrete5/concrete5 Security Advisories for 9.0.2 (13)

ConcreteCMS vulnerable to Xpath injection attacks

CVE-2022-46464

Affected version: <=9.1.3

Reported by:
GitHub
Concrete CMS vulnerable to cross-site scripting in the text input field

CVE-2022-43556

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library

CVE-2022-43694

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Reflected Cross-site Scripting

CVE-2022-43692

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons

CVE-2022-43968

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Cross-site Scripting via multilingual report

CVE-2022-43967

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS

CVE-2022-43686

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Session Fixation

CVE-2022-43687

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Cross-site Scripting

CVE-2022-43688

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information

CVE-2022-43691

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Improper Authentication

CVE-2022-43690

Affected version: >=9.0.0,<9.1.3|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to XML External Entity

CVE-2022-43689

Affected version: >=9.0.0,<9.1.2|<8.5.10

Reported by:
GitHub
Concrete CMS vulnerable to Cross-site Request Forgery

CVE-2022-43693

Affected version: >=9.0.0RC1,<9.1.3|<8.5.10

Reported by:
GitHub