8 matches found
CVE-2024-8661
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with...
GHSA-XMXJ-V2Q8-8QX6 Concrete CMS Stored XSS in the "Next&Previous Nav" block
Concrete CMS versions 9.0.0 to 9.3.4 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. Since the "Next&Previous Nav" block output was not sufficiently sanitized, th...
Concrete CMS Stored XSS in the "Next&Previous Nav" block
Concrete CMS versions 9.0.0 to 9.3.4 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. Since the "Next&Previous Nav" block output was not sufficiently sanitized, th...
CVE-2024-8661
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6...
CVE-2024-8661 Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6...
CVE-2024-8661
Concrete CMS is affected by CVE-2024-8661 due to Stored XSS in the Next&Previous Nav block. Affected versions are 9.0.0 to 9.3.3 and below 8.5.19 (per initial description; some sources cite 9.3.4 and 8.5.18 in other records). The root cause is insufficient sanitization/output cleanup in the Next&...
CVE-2024-8661 Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6...
PT-2024-39159 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.3.4 Concrete CMS versions below 8.5.19 Description: A Stored XSS vulnerability exists in the "Next&Previous Nav" block of Concrete CMS, allowing a rogue administrator to add a malicious payload that can b...