CVE-2026-6826 Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

CVE-2026-6826 Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

CVE-2026-6826

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

EUVD-2026-31344

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

CVE-2026-8203 Concrete CMS 9.5.0 and below has Stored XSS on the height parameter

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...

CVE-2026-8203 Concrete CMS 9.5.0 and below has Stored XSS on the height parameter

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...

CVE-2026-8203

Affected software : Concrete CMS 9.5.0 and below. Vulnerability : Stored XSS on the height parameter due to lack of validation/sanitization of $height in the controller. Impact : Any visitor could execute malicious JavaScript in their browser when a user with editor privileges injects payloads, p...

EUVD-2026-31341

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...

CVE-2026-8197 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...

CVE-2026-8197

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...

CVE-2026-8197 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...

CVE-2026-8197

Concrete CMS 9.5.0 and earlier is affected by a Stored XSS via the OAuth integration name. The integration name (admin-controlled) is rendered through the t() translation helper as a sprintf-style format, with the ... wrapper built by PHP string interpolation before t() runs, allowing the integra...

EUVD-2026-31342

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...

CVE-2026-8350

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...

CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...

CVE-2026-8350

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php, enabling privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard can add any user email to any group and can remove legitimate ad...

CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...

EUVD-2026-31343

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...

EUVD-2026-31339

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...

CVE-2026-8421 Concrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCE

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...