6 matches found
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2023-101446)
PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . PortlandLabs Concrete CMS before 8.5.13, before 9.2.2 version of the cross-site scripting vulnerability , the vulnerability stems from the administration page of the...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS version v.9.2.1, which stems from a cross-site scripting XSS vulnerability in the System&Settin...
PortlandLabs Concrete CMS Arbitrary File Deletion Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS is vulnerable to an arbitrary file deletion vulnerability that stems from allowing traversal of /index.php/ccm/system/file/ upload, which can be exploited by...
PortlandLabs Concrete Cms Remote Code Execution Vulnerability
PortlandLabs Concrete Cms is a team-oriented open source content management system from PortlandLabs, Inc. A remote code execution vulnerability exists in PortlandLabs Concrete Cms, which stems from the ability to download zip files over HTTP and execute from those zip files, which could be...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2022-54306)
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates from a lack of data validation filtering of user-supplied data and output in...
Unspecified Vulnerability in PortlandLabs Concrete CMS
PortlandLabs Concrete Cms is a team-oriented open source content management system for the United States PortlandLabs . A security vulnerability exists in Concrete CMS 8.5.5 and prior versions, which can be exploited by an attacker to obtain an update json over HTTP potentially leading to remote...