Security Advisories - concrete5/concrete5

concrete5/concrete5 Security Advisories for 9.2.2 (14)

[LOW] Concrete CMS Stored XSS in the Search Field

PKSA-n81q-nvhs-j5xh CVE-2024-3181 GHSA-qgm9-rxmq-jxmq

Affected version: <8.5.16|>=9.0.0RC1,<9.2.8

Reported by:
GitHub
[LOW] Concrete CMS Stored XSS in blocks of type file

PKSA-jkfn-dm68-h74g CVE-2024-3180 GHSA-9qhc-pg6j-wf23

Affected version: <8.5.16|>=9.0.0RC1,<9.2.8

Reported by:
GitHub
[LOW] Concrete CMS Stored XSS in the Custom Class page editing

PKSA-9d3h-dqyn-p3hg CVE-2024-3179 GHSA-r7q4-cw9r-vhp4

Affected version: <8.5.16|>=9.0.0RC1,<9.2.8

Reported by:
GitHub
[LOW] Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter

PKSA-7yvb-1h2z-t44j CVE-2024-3178 GHSA-xwrh-qxmc-x8c8

Affected version: <8.5.16|>=9.0.0RC1,<9.2.8

Reported by:
GitHub
[LOW] Concrete CMS Stored XSS on the calendar color settings screen

PKSA-637y-63mx-s8kt CVE-2024-2753 GHSA-pj42-r64f-4xfq

Affected version: <8.5.16|>=9.0.0RC1,<9.2.8

Reported by:
GitHub
[LOW] Concrete CMS Stored Cross-site Scripting vulnerability

PKSA-xz8s-kt9m-78kn CVE-2024-2179 GHSA-4m7h-34xm-4wjv

Affected version: <9.2.7

Reported by:
GitHub
[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

PKSA-mzrf-7ycs-nx52 CVE-2023-48651 GHSA-45m2-8q7f-93wv

Affected version: >=9.0.0,<9.2.3

Reported by:
GitHub
[MEDIUM] Concrete CMS Stored XSS in Layout Preset Name

PKSA-ph3z-1rkb-jkr2 CVE-2023-48650 GHSA-x577-gcc9-9xjj

Affected version: >=9.0.0,<9.2.3|<8.5.14

Reported by:
GitHub
[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

PKSA-qdvs-5x9y-sbsd CVE-2023-48653 GHSA-3rxx-8f33-7p6p

Affected version: >=9.0.0,<9.2.3|<8.5.14

Reported by:
GitHub
[LOW] Concrete CMS Stored XSS

PKSA-hcpk-wmjc-z55m CVE-2023-49337 GHSA-9xxv-q6pp-96wq

Affected version: >=9.0.0,<9.2.3

Reported by:
GitHub
[LOW] Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature

PKSA-mg7v-tf5z-216y CVE-2024-1246 GHSA-9v3w-cj7m-qh5g

Affected version: >=9.0.0RC1,<9.2.5

Reported by:
GitHub
[LOW] Concrete CMS vulnerable to stored XSS via the Role Name field

PKSA-q44b-j422-8pc9 CVE-2024-1247 GHSA-q25h-jch8-gfrp

Affected version: >=9.0.0RC1,<9.2.5

Reported by:
GitHub
[LOW] Concrete CMS vulnerable to stored XSS in file tags and description attributes

PKSA-k3fw-5172-87s2 CVE-2024-1245 GHSA-mgp6-j658-vcw9

Affected version: >=9.0.0RC1,<9.2.5

Reported by:
GitHub
[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF)

PKSA-cqc1-1kdn-st4p CVE-2023-48652 GHSA-qp42-5pj7-4ccm

Affected version: <9.2.3

Reported by:
GitHub

concrete5/concrete5 Security Advisories for 9.2.2 (14)

[LOW] Concrete CMS Stored XSS in the Search Field

[LOW] Concrete CMS Stored XSS in blocks of type file

[LOW] Concrete CMS Stored XSS in the Custom Class page editing

[LOW] Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter

[LOW] Concrete CMS Stored XSS on the calendar color settings screen

[LOW] Concrete CMS Stored Cross-site Scripting vulnerability

[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

[MEDIUM] Concrete CMS Stored XSS in Layout Preset Name

[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

[LOW] Concrete CMS Stored XSS

[LOW] Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature

[LOW] Concrete CMS vulnerable to stored XSS via the Role Name field

[LOW] Concrete CMS vulnerable to stored XSS in file tags and description attributes

[MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF)