5 matches found
CVE-2026-8337
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
Authorization Bypass Through User-Controlled Key
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the surveys process. An attacker can gain unauthorized access to restricted survey functionality by submitting a restricted option ...
CVE-2026-8337
Concrete CMS
CVE-2026-8337
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
REDCap 跨站脚本漏洞
REDCap is a data collection and management web application from the REDCap open source. A cross-site scripting vulnerability exists in REDCap version 13.1.9, which stems from a stored cross-site scripting vulnerability in the Public Surveys feature, and could lead to the execution of arbitrary we...