8 matches found

Github Security Blog
added 2023/04/28 3:30 p.m. · 14 views

Concrete CMS missing secure cookie parameters

Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3 · AI score 5.3 · EPSS 0.00459
Exploits 0 · References 7 · Affected Software 1

OSV
added 2023/04/28 3:30 p.m. · 19 views

GHSA-F55R-8RCV-MQCF Concrete CMS missing secure cookie parameters

Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3 · AI score 5.3 · EPSS 0.00459
Exploits 0 · References 7

NVD
added 2023/04/28 2:15 p.m. · 6 views

CVE-2023-28472

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3 · AI score 5.4 · EPSS 0.00459
Exploits 0 · References 3

OSV
added 2023/04/28 2:15 p.m. · 1 views

CVE-2023-28472

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3 · AI score 6.9
Exploits 0 · References 3

Prion
added 2023/04/28 2:15 p.m. · 8 views

Code injection

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5 · AI score 5.3 · EPSS 0.00459
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/04/28 12:0 a.m. · 1 views

PortlandLabs Concrete CMS Security Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in PortlandLabs Concrete CMS versions prior to 9.2 that stems from not setting the Secure and HTTP only attributes for the ccmPoll cooki...

CVSS 5.3 · AI score 5.7 · EPSS 0.00459
Exploits 0 · References 4

Positive Technologies
added 2023/04/28 12:0 a.m. · 2 views

PT-2023-21742 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0 through 9.1.3. Description: The issue is related to the ccmPoll cookies in Concrete CMS, where the Secure and HTTP only attributes are n...

CVSS 5.3 · AI score 5 · EPSS 0.00459
Exploits 0 · References 14

CVE
added 2023/04/28 12:0 a.m. · 39 views

CVE-2023-28472

Concrete CMS (formerly concrete5) has a cookie security issue: the ccmPoll cookie lacks Secure and HttpOnly attributes in versions 8.5.12 and below, and 9.0–9.1.3. This could allow session access/unauthorized actions. The issue is fixed in 9.2+; apply the official patch or upgrade to 9.2 or later...

CVSS 5.3 · AI score 5.3 · EPSS 0.00459
Exploits 0 · References 3 · Affected Software 1