Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/22 12:31 a.m.14 views

EUVD-2026-31371

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 9:26 p.m.8 views

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:41 a.m.13 views

Cross site request forgery (csrf)

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery CSRF at /ccm/system/dialogs/file/delete/1/submit...

7.5AI score0.00276EPSS
Exploits0References2
Prion
Prion
added 2023/12/25 8:15 a.m.21 views

Cross site request forgery (csrf)

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery CSRF via /ccm/system/dialogs/logs/deleteall/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated...

4.3CVSS7.2AI score0.00227EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder