CVE-2026-8411 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

PT-2026-42568

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.0 Description Cross Site Request Forgery CSRF is possible at the 'concrete/controllers/dialog/page/bulk/cache' endpoint. CSRF is a type of attack that tricks a victim into submitting a malicious request. It...

CVE-2024-4406

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the...

CVE-2024-4406

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the...

CVE-2024-4406

This CVE affects Xiaomi Pro 13 smartphones (GetApps) via the integral-dialog-page.html flaw. The root cause is improper sanitization when parsing the integralInfo parameter, enabling arbitrary script injection that can lead to remote code execution in the context of the current user. Exploitation...

CVE-2024-4406 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the...

CVE-2024-4406 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the...

Xiaomi Pro 13 安全漏洞

Xiaomi Pro 13 is a smartphone from Chinese company Xiaomi Xiaomi. The Xiaomi Pro 13 suffers from a security vulnerability that originates from a specific flaw in the integral-dialog-page.html file, which allows remote attackers to execute arbitrary code...

PT-2024-30927 · Xiaomi · Xiaomi Pro 13

Name of the Vulnerable Software and Affected Versions: Xiaomi Pro 13 affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this issue, where the targ...

(Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...