2460 matches found
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS from 9 to 9.5.0 had a cross-site request forgery vulnerability, which originated from the concrete/controllers/dialog/logs/delete file...
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgery vulnerability, which was exploited through the concrete/controllers/dialog/event/duplicate module...
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS from 9 to 9.5.0 had a cross-site request forgery vulnerability, which originated from the concrete/controllers/dialog/page/bulk/delete file...
PT-2026-42567
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Concrete CMS is subject to Cross Site Request Forgery (CSRF), a flaw where an attacker tricks a victim into performing actions they did not intend to do. This issue occurs at the...
PT-2026-42571
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Cross Site Request Forgery (CSRF) occurs at the 'concrete/controllers/dialog/express/association/reorder' endpoint. CSRF is a type of attack that tricks a victim into submitting a malicious...
PT-2026-42647
Impact: Authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches: This issue has been patched in 17.4.0...
PT-2026-42569
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Cross Site Request Forgery (CSRF) occurs at the 'concrete/controllers/dialog/page/bulk/design' endpoint. CSRF is a flaw that allows an attacker to induce users to perform actions they do not...
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgery vulnerability, which was exploited through the concrete/controllers/dialog/page/bulk/design code...
PT-2026-42544
Concrete CMS 9.5.0 and below is vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
Astra Linux - vulnerability in firefox, thunderbird
If a website sets a large custom cursor, portions of the cursor may overlap with the permission dialog, potentially causing confusion for users and leading to unexpected granting of permissions. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...
Astra Linux - vulnerability in firefox, thunderbird
Through a series of API calls and redirections, an alert dialog controlled by an attacker could have been displayed on another website with the victim website’s URL shown. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
In versions of Google Chrome on Android prior to 101.0.4951.41, the security interface in the Downloads section allowed a remote attacker to spoof the APK download dialog box through a crafted HTML page...
Astra Linux - vulnerability in firefox, thunderbird
A phishing website could have re-used an about: dialog box to display phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox 122 and Thunderbird 115.7...
Astra Linux - vulnerability in thunderbird, firefox
A website could have obscured the full-screen notification by using the file open dialog. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbird 115.2...
Astra Linux - vulnerability in firefox
The <dialog> element could have been manipulated to display content outside of a sandboxed iframe. This could allow untrusted content to be displayed under the guise of trusted content. This vulnerability affects Firefox versions earlier than 121...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Web Browser UI of Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in chromium
Inappropriate implementations in WebApp installations in Google Chrome prior to version 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass the installation dialog through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
Use after free in dialog box handling in Google Chrome on Windows prior to version 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
CVE-2026-31906 Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...