22 matches found
EUVD-2018-5728
Malware in sbrugna...
EUVD-2021-23354
Malware in sbrugna...
EUVD-2012-5104
Malware in sbrugna...
EUVD-2014-5005
Malware in sbrugna...
EUVD-2021-2356
Malware in sbrugna...
EUVD-2021-2139
Malware in sbrugna...
EUVD-2017-15959
Malware in sbrugna...
EUVD-2017-15962
Malware in sbrugna...
EUVD-2021-28488
Malicious code in bioql PyPI...
EUVD-2021-28489
Malicious code in bioql PyPI...
CVE-2021-41463
Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/groupcombination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter...
CVE-2020-14961
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value...
CVE-2014-5107
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/filestoragelocations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/filetypes.php, (7)...
CVE-2012-5181
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-5108
Cross-site scripting (XSS) vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...
Cross-Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient sanitization and addresses not being properly sanitized in the output when a country is not specified. It allows an attacker with limited permissions to glean restricted information,...
Cross-site Scripting (XSS)
Concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the calendar event name, allowing users or groups with permission to create or modify event calendars to embed and execute malicious scripts...
Cross Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of the "Top Navigator Bar" block, allowing a rogue administrator to inject a malicious payload that executes when users visit the home page...
Cross-Site Scripting (XSS)
concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the rss displayer which allows an attacker to inject arbitrary JavaScript code into the browser...
GHSA-X4X9-4C65-73W8 Concrete5 Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...