PT-2023-30874 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 8.5.14 Concrete CMS versions 9 prior to 9.2.3 Description: The issue allows Cross Site Request Forgery CSRF via the "ccm/calendar/dialogs/event/delete/submit" API endpoint. An attacker can force an admin to dele...