3 matches found
CVE-2026-7890
Concrete CMS 9.5.0 and earlier are affected by an SSRF vulnerability in the RSS Displayer block, which accepts arbitrary feed URLs without validation, enabling redirect-to-internal bypasses. The CVE-2026-7890 entry documents a CVSS v4.0 score of 2.1 (low) with network attack vector and high privileges ...
CVE-2026-7890 Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation, enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v4.0 score of 2.1 with a...
CVE-2026-7890 Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation, enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v4.0 score of 2.1 with a...