15 matches found
Concrete CMS 9.4.3 - Stored XSS
Exploit Title: Concrete CMS 9.4.3 - Stored XSS Date: 2/09/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.concretecms.org/ Software Link: https://www.concretecms.org/downloadfile/8e11ad24-cc1e-4880-8553-7c18ede22c50/2658 Version: 9.4.3 CVE : CVE-2025-8573 Tested on: Windows XP ''...
📄 Concrete CMS 9.4.3 Cross Site Scripting
Concrete CMS version 9.4.3 suffers from a persistent cross site scripting vulnerability. Exploit Title: Concrete CMS version 9.4.3 - Stored XSS Date: 2/09/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.concretecms.org/ Software Link:...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS v.9.2.1, which stems from the lack of effective filtering and escaping of user-supplied data by t...
Concrete CMS Cross-site Scripting vulnerability
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics...
CVE-2023-44760
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
CVE-2023-44760
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
CVE-2023-44760
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
CVE-2023-44760
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
PortlandLabs Concrete CMS 跨站脚本漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS v.9.2.1, which stems from the lack of effective filtering and escaping of user-supplied data by t...
PT-2023-29284 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS version 9.2.1 Description: The issue concerns multiple Cross Site Scripting XSS vulnerabilities that allow an attacker to execute arbitrary code via a crafted script. This can be done by exploiting the Header and Footer Tracking...
WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) Plugin < 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Pixel & tracking codes for Google Web stories formerly AMP Stories Type Plugin Vulnerable versions 1.0.5 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
Brave browser goes the extra mile to block third party cookies
Brave is testing a new feature to stop bounce tracking, a sneaky method that websites use to load third-party tracking cookies so they can gather more information about who is visiting their site. The Brave browser As you may remember from our post about the best browsers for privacy and security...
WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Pixel & tracking codes for Google Web stories formerly AMP Stories plugin versions = 1.0.2. Solution Update the WordPress Pixel & tracking codes for Google Web stories formerly AMP Stories plugin to the latest available versio...
WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Pixel & tracking codes for Google Web stories formerly AMP Stories plugin versions = 1.0.2. Solution Update the WordPress Pixel & tracking codes for Google Web stories formerly AMP Stories plugin to th...