concrete5/concrete5 Security Advisories for 9.2.3 (9)
[LOW] Concrete CMS Stored XSS in the Search Field
PKSA-n81q-nvhs-j5xh CVE-2024-3181 GHSA-qgm9-rxmq-jxmq
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
[LOW] Concrete CMS Stored XSS in blocks of type file
PKSA-jkfn-dm68-h74g CVE-2024-3180 GHSA-9qhc-pg6j-wf23
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
[LOW] Concrete CMS Stored XSS in the Custom Class page editing
PKSA-9d3h-dqyn-p3hg CVE-2024-3179 GHSA-r7q4-cw9r-vhp4
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
[LOW] Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
PKSA-7yvb-1h2z-t44j CVE-2024-3178 GHSA-xwrh-qxmc-x8c8
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
[LOW] Concrete CMS Stored XSS on the calendar color settings screen
PKSA-637y-63mx-s8kt CVE-2024-2753 GHSA-pj42-r64f-4xfq
Affected version: <8.5.16|>=9.0.0RC1,<9.2.8
Reported by: GitHub
[LOW] Concrete CMS Stored Cross-site Scripting vulnerability
PKSA-xz8s-kt9m-78kn CVE-2024-2179 GHSA-4m7h-34xm-4wjv
Affected version: <9.2.7
Reported by: GitHub
[LOW] Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
PKSA-mg7v-tf5z-216y CVE-2024-1246 GHSA-9v3w-cj7m-qh5g
Affected version: >=9.0.0RC1,<9.2.5
Reported by: GitHub
[LOW] Concrete CMS vulnerable to stored XSS via the Role Name field
PKSA-q44b-j422-8pc9 CVE-2024-1247 GHSA-q25h-jch8-gfrp
Affected version: >=9.0.0RC1,<9.2.5
Reported by: GitHub
[LOW] Concrete CMS vulnerable to stored XSS in file tags and description attributes
PKSA-k3fw-5172-87s2 CVE-2024-1245 GHSA-mgp6-j658-vcw9
Affected version: >=9.0.0RC1,<9.2.5
Reported by: GitHub