CVE-2023-28472

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVE-2023-28472

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

Code injection

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

PT-2023-21742 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS previously concrete5 versions 8.5.12 and below Concrete CMS previously concrete5 versions 9.0 through 9.1.3 Description: The issue is related to the ccmPoll cookies in Concrete CMS, where the Secure and HTTP only attributes are n...

CVE-2023-28472

Concrete CMS (formerly concrete5) has a cookie security issue: the ccmPoll cookie lacks Secure and HttpOnly attributes in versions 8.5.12 and below, and 9.0–9.1.3. This could allow session access/unauthorized actions. The issue is fixed in 9.2+; apply the official patch or upgrade to 9.2 or later...