CVE-2024-3179

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

Concrete CMS 安全漏洞

Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS that stems from the presence of a cross-site scripting XSS vulnerability. Affected products and versions: Concrete CMS version 9 before 9.2.8, versi...

Concrete CMS 安全漏洞

Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS that stems from the presence of a stored cross-site scripting XSS vulnerability. The following versions are affected: version 9 before 9.2.8, versio...

BIT-GRAFANA-2022-39324 Grafana vulnerable to spoofing originalUrl of snapshots

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...