Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-5728

Malware in sbrugna...

7.2CVSS7AI score0.01009EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-23354

Malware in sbrugna...

7.2CVSS6.9AI score0.0368EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5104

Malware in sbrugna...

4.3CVSS6.2AI score0.0143EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-5005

Malware in sbrugna...

5CVSS6.4AI score0.0296EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2356

Malware in sbrugna...

9CVSS6.9AI score0.02936EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2139

Malware in sbrugna...

9.8CVSS9.3AI score0.01187EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15959

Malware in sbrugna...

6.1CVSS6.3AI score0.00989EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-15962

Malware in sbrugna...

6.1CVSS6.3AI score0.01191EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-28488

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00818EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-28489

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00818EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.6 views

CVE-2021-41463

Cross-site scripting XSS vulnerability in toos/permissions/dialogs/access/entity/types/groupcombination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter...

6.1CVSS5.9AI score0.00818EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 p.m.5 views

CVE-2020-14961

Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value...

5.3CVSS6.8AI score0.00943EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 1:50 p.m.12 views

CVE-2014-5107

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to 1 system/basics/editor.php, 2 system/view.php, 3 system/environment/filestoragelocations.php, 4 system/mail/importers.php, 5 system/mail/method.php, 6 system/permissions/filetypes.php, 7...

5CVSS6.9AI score0.0296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:44 a.m.5 views

CVE-2012-5181

Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.0143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:35 a.m.6 views

CVE-2014-5108

Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...

4.3CVSS5.9AI score0.02307EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/15 3:55 a.m.7 views

Cross-Site Request Forgery (CSRF)

concrete5/concrete5 is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient sanitization and addresses not being properly sanitized in the output when a country is not specified. It allows an attacker with limited permissions to glean restricted information,...

6.5CVSS6.6AI score0.00155EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2024/09/26 4:54 p.m.8 views

Cross-site Scripting (XSS)

Concrete5/concrete5 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the calendar event name, allowing users or groups with permission to create or modify event calendars to embed and execute malicious scripts...

5.4CVSS6.5AI score0.00459EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2024/09/18 2:37 p.m.5 views

Cross Site Scripting(XSS)

concrete5/concrete5 is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient sanitization of the "Top Navigator Bar" block, allowing a rogue administrator to inject a malicious payload that executes when users visit the home page...

4.8CVSS6.5AI score0.00273EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/05/24 8:50 a.m.8 views

Cross-Site Scripting (XSS)

concrete5 is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in the rss displayer which allows an attacker to inject arbitrary JavaScript code into the browser...

5.4CVSS6.1AI score0.00393EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/05/17 12:22 a.m.4 views

GHSA-X4X9-4C65-73W8 Concrete5 Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.3CVSS5.8AI score0.0143EPSS
Exploits0References5
Rows per page
Query Builder