2 matches found
CVE-2018-13790
A Server Side Request Forgery SSRF vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page...
Concrete CMS: Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap]
Intro "Transformers: Dark of the Crayons" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. 0a26b63c4a64d42e7afb36aba0a6e4d1f4c53d7d July 19th Summary There is Stored XSS vulnerability in additional URLs in 'Location' dialog. This issue can ...