EUVD-2026-31374

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

CVE-2026-8412 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

CVE-2026-8412

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

CVE-2026-8412

Concrete CMS prior to version 9.5.0 is vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/page/bulk/cache. The issue is caused by insufficient verification of user intent for requests to that endpoint. Impact is described as CSRF with potential to perform ...

PT-2026-42568

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.0 Description Cross Site Request Forgery CSRF is possible at the 'concrete/controllers/dialog/page/bulk/cache' endpoint. CSRF is a type of attack that tricks a victim into submitting a malicious request. It...