Lucene search
K

CVE-2021-40108

🗓️ 27 Sep 2021 12:01:34Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 68 Views🌐 WEB

Issue in Concrete CMS through 8.5.5. Calendar CSRF vulnerability

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-40108
27 Sep 202113:15
attackerkb
Circl
CVE-2021-40108
27 Sep 202116:34
circl
CNNVD
PortlandLabs Concrete Cms 跨站请求伪造漏洞
27 Sep 202100:00
cnnvd
CNVD
PortlandLabs Concrete CMS Cross-Site Request Forgery Vulnerability (CNVD-2021-76080)
29 Sep 202100:00
cnvd
Cvelist
CVE-2021-40108
27 Sep 202112:01
cvelist
EUVD
EUVD-2021-27297
7 Oct 202500:30
euvd
Hacker One
Concrete CMS: Stored unauth XSS in calendar event via CSRF
12 Feb 202108:43
hackerone
NVD
CVE-2021-40108
27 Sep 202113:15
nvd
OpenVAS
Concrete CMS < 8.5.6 Multiple Vulnerabilities
5 Oct 202100:00
openvas
Prion
Cross site request forgery (csrf)
27 Sep 202113:15
prion
Rows per page
NVD
ParameterPositionPathDescriptionCWE
ccm_tokenrequest bodyccm/calendar/dialogs/event/add/saveCSRF vulnerability: endpoint ccm/calendar/dialogs/event/add/save does not verify CSRF token (ccm_token), enabling CSRF attacks.CWE-352

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:06Current
8.6High risk
Vulners AI Score8.6
CVSS 26.8
CVSS 3.18.8
EPSS0.00483
68