24 matches found
EUVD-2025-8855
Malicious code in bioql PyPI...
CVE-2025-2970
A vulnerability classified as problematic has been found in ConcreteCMS up to 9.3.9. Affected is an unknown function of the component Switch Language Block Handler. The manipulation of the argument Label leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...
CVE-2025-2967
A vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-2968
A vulnerability was found in ConcreteCMS up to 9.3.9. It has been declared as problematic. This vulnerability affects the function Save of the component Feature Block Handler. The manipulation of the argument Paragraph Source leads to cross site scripting. The attack can be initiated remotely. Th...
CVE-2025-2966
A vulnerability was found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this issue is the function Save of the component Content Block Handler. The manipulation of the argument Source leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-2964
A vulnerability, which was classified as problematic, was found in ConcreteCMS up to 9.3.9. Affected is the function Save of the component FAQ Block Handler. The manipulation of the argument Navigation/Title Text/Description Source leads to cross site scripting. It is possible to launch the attac...
ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field
A vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-2972 ConcreteCMS Page Attribute Display Block cross site scripting
A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-2970
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2969
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2971
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2971
...
CVE-2025-2971
ConcreteCMS up to 9.3.9 is implicated by CVE-2025-2971, with a cross-site scripting vulnerability in the List Block Handler: manipulating Name/Description triggers remote abuse. Exploit reportedly disclosed; vendor response unclear. Remediation/patch details are not consistently provided across s...
CVE-2025-2968
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2969
...
CVE-2025-2969
CVE-2025-2969 affects ConcreteCMS up to 9.3.9. The issue is in the Save function of the Feature Link Block Handler, where manipulation of Title/Body Source/Button Text leads to cross-site scripting (XSS). The attack could be carried out remotely; the exploit has been disclosed to the vendor, whic...
CVE-2025-2966
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2967
...
CVE-2025-2966
CVE-2025-2966 entry is rejected by the CVE Numbering Authority and is not an active vulnerability.
CVE-2025-2965
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...