Lucene search
K

4 matches found

NVD
NVD
added 2022/06/24 3:15 p.m.18 views

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

6.1CVSS0.00853EPSS
Exploits0References3
Prion
Prion
added 2022/06/24 3:15 p.m.13 views

Design/Logic Flaw

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

4.3CVSS6AI score0.00853EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/06/24 3:0 p.m.66 views

CVE-2022-30118

CVE-2022-30118 involves Cross‑Site Scripting in PortlandLabs Concrete CMS. The vulnerability lies in the /dashboard/system/express/entities/forms/save_control/[GUID] path where old browsers, specifically Internet Explorer with XSS protection disabled, can edit a form control in Concrete 8.5.7 and...

6.1CVSS6AI score0.00853EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/06/24 2:59 p.m.109 views

CVE-2022-30117

Concrete CMS versions affected: 8.5.7 and below, and 9.0–9.0.2. The issue is a path traversal in /index.php/ccm/system/file/upload that could enable Arbitrary File Deletion. Root cause: inadequate input validation allowing traversal, enabling access to arbitrary files. Remediation implemented: sa...

9.1CVSS9.2AI score0.02021EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder