Concrete Cms Security Vulnerabilities
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
6.3CVSS
6.4AI Score
0.001EPSS
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production.
5.3CVSS
5.1AI Score
0.002EPSS
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1....
6.1CVSS
5.9AI Score
0.001EPSS
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
8.8CVSS
8.8AI Score
0.001EPSS
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
6.1CVSS
5.9AI Score
0.001EPSS
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it ...
4.8CVSS
4.7AI Score
0.001EPSS
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
6.1CVSS
5.9AI Score
0.001EPSS
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
6.1CVSS
5.9AI Score
0.001EPSS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
5.4CVSS
5AI Score
0.001EPSS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
5.3CVSS
5.3AI Score
0.001EPSS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
3.3CVSS
4.1AI Score
0.001EPSS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.
5.4CVSS
5.1AI Score
0.001EPSS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
6.1CVSS
5.9AI Score
0.001EPSS
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.
5.4CVSS
5.1AI Score
0.001EPSS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
5.5CVSS
5.1AI Score
0.001EPSS
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.
5.4CVSS
5.1AI Score
0.001EPSS
Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.
5.4CVSS
5.1AI Score
0.001EPSS
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
5.3CVSS
5.3AI Score
0.001EPSS
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an adm...
4.8CVSS
5.4AI Score
0.001EPSS
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
5.4CVSS
5.5AI Score
0.0004EPSS
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
5.4CVSS
5.3AI Score
0.0005EPSS
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the...
5.4CVSS
5.2AI Score
0.001EPSS
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
5.4CVSS
5.2AI Score
0.0004EPSS
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
5.4CVSS
5.3AI Score
0.0005EPSS
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to pl...
4.8CVSS
5AI Score
0.0005EPSS
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when crea...
9.8CVSS
9.3AI Score
0.001EPSS
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
5.4CVSS
5.2AI Score
0.001EPSS
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.
4.3CVSS
4.6AI Score
0.0005EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes...
4.8CVSS
4.9AI Score
0.0004EPSS
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the websit...
4.8CVSS
5AI Score
0.0004EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affec...
4.8CVSS
5AI Score
0.0004EPSS