Lucene search
K

25074 matches found

OSV
OSV
added 2026/03/04 3:31 a.m.4 views

GHSA-F4VQ-PJ32-GR4Q Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a Cross-site Scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice question...

4.8CVSS5.9AI score0.00208EPSS
Exploits1References4
NVD
NVD
added 2026/03/04 3:16 a.m.6 views

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS0.00208EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 3:16 a.m.5 views

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.6AI score
Exploits0References2
NVD
NVD
added 2026/03/04 3:16 a.m.8 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS0.00212EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 3:16 a.m.3 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/04 2:15 a.m.4 views

CVE-2026-3240 Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/04 2:15 a.m.34 views

CVE-2026-3240 Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS0.00212EPSS
Exploits1References2
CVE
CVE
added 2026/03/04 2:15 a.m.14 views

CVE-2026-3240

Concrete CMS

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/04 2:12 a.m.27 views

CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS0.00208EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/04 2:12 a.m.5 views

CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 2:12 a.m.5 views

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/04 2:12 a.m.15 views

CVE-2026-3241

Concrete CMS versions below 9.4.8 are affected by a stored XSS in the Legacy Form block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple‑choice question (Checkbox List, Radio But...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.7 views

PT-2026-22952

Name of the Vulnerable Software and Affected Versions Multer versions prior to 2.1.1 Description A flaw exists in Multer, a node.js middleware used for processing multipart/form-data. This issue can be exploited to cause a Denial of Service DoS by submitting specially crafted requests, which may...

8.7CVSS5.9AI score0.00713EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:0 a.m.3 views

CVE-2025-70218

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component...

6.1AI score0.00633EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.3 views

CVE-2025-70219

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot...

6.1AI score0.00485EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.7 views

PT-2026-22866

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the Legacy Form block, which could allow malicious JavaScript...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.7 views

PT-2026-22865

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.3 views

CVE-2025-46108

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup...

5.9AI score0.00605EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from a stored cross-site scripting vulnerability in the Question field of the Legacy form element, which could...

4.8CVSS5.7AI score0.00212EPSS
Exploits1References2
Rows per page
Query Builder