concrete5/concrete5 Security Advisories for 9.2.2 (14)
-
[LOW] Concrete CMS Stored XSS in the Search Field
PKSA-n81q-nvhs-j5xh CVE-2024-3181 GHSA-qgm9-rxmq-jxmq
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
-
[LOW] Concrete CMS Stored XSS in blocks of type file
PKSA-jkfn-dm68-h74g CVE-2024-3180 GHSA-9qhc-pg6j-wf23
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
-
[LOW] Concrete CMS Stored XSS in the Custom Class page editing
PKSA-9d3h-dqyn-p3hg CVE-2024-3179 GHSA-r7q4-cw9r-vhp4
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
-
[LOW] Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
PKSA-7yvb-1h2z-t44j CVE-2024-3178 GHSA-xwrh-qxmc-x8c8
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
-
[LOW] Concrete CMS Stored XSS on the calendar color settings screen
PKSA-637y-63mx-s8kt CVE-2024-2753 GHSA-pj42-r64f-4xfq
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
-
[LOW] Concrete CMS Stored Cross-site Scripting vulnerability
PKSA-xz8s-kt9m-78kn CVE-2024-2179 GHSA-4m7h-34xm-4wjv
Affected version: <9.2.7
Reported by: GitHub
-
[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
PKSA-mzrf-7ycs-nx52 CVE-2023-48651 GHSA-45m2-8q7f-93wv
Affected version: >=9.0.0,<9.2.3
Reported by: GitHub
-
[MEDIUM] Concrete CMS Stored XSS in Layout Preset Name
PKSA-ph3z-1rkb-jkr2 CVE-2023-48650 GHSA-x577-gcc9-9xjj
Affected version: >=9.0.0,<9.2.3|<8.5.14
Reported by: GitHub
-
[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
PKSA-qdvs-5x9y-sbsd CVE-2023-48653 GHSA-3rxx-8f33-7p6p
Affected version: >=9.0.0,<9.2.3|<8.5.14
Reported by: GitHub
-
[LOW] Concrete CMS Stored XSS
PKSA-hcpk-wmjc-z55m CVE-2023-49337 GHSA-9xxv-q6pp-96wq
Affected version: >=9.0.0,<9.2.3
Reported by: GitHub
-
[LOW] Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
PKSA-mg7v-tf5z-216y CVE-2024-1246 GHSA-9v3w-cj7m-qh5g
Affected version: >=9.0.0RC1,<9.2.5
Reported by: GitHub
-
[LOW] Concrete CMS vulnerable to stored XSS via the Role Name field
PKSA-q44b-j422-8pc9 CVE-2024-1247 GHSA-q25h-jch8-gfrp
Affected version: >=9.0.0RC1,<9.2.5
Reported by: GitHub
-
[LOW] Concrete CMS vulnerable to stored XSS in file tags and description attributes
PKSA-k3fw-5172-87s2 CVE-2024-1245 GHSA-mgp6-j658-vcw9
Affected version: >=9.0.0RC1,<9.2.5
Reported by: GitHub
-
[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF)
PKSA-cqc1-1kdn-st4p CVE-2023-48652 GHSA-qp42-5pj7-4ccm
Affected version: <9.2.3
Reported by: GitHub