Lucene search
+L

12 matches found

redhatcve
redhatcve
added 2025/05/23 4:41 a.m.22 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.8AI score0.0049EPSS
Exploits0
veracode
veracode
added 2024/03/04 7:13 a.m.18 views

Cross-site Scripting (XSS)

Concrete CMS is vulnerable to cross-site scripting. The vulnerability is due to improper input validation, allowing an administrator to inject malicious code through the Layout Preset name, posing a risk of executing unauthorized scripts within the context of the targeted user's browser...

4.8CVSS6.8AI score0.0049EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/02/29 3:33 a.m.31 views

GHSA-X577-GCC9-9XJJ Concrete CMS Stored XSS in Layout Preset Name

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS4.7AI score0.0049EPSS
Exploits0References6
github
github
added 2024/02/29 3:33 a.m.23 views

Concrete CMS Stored XSS in Layout Preset Name

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.8AI score0.0049EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2024/02/29 1:41 a.m.34 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.6AI score0.0049EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/02/29 1:41 a.m.4 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.8AI score0.0049EPSS
Exploits0References3
prion
prion
added 2024/02/29 1:41 a.m.15 views

Cross site scripting

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

6.1AI score0.0049EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/02/29 12:0 a.m.6 views

PortlandLabs Concrete CMS Security Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A security vulnerability exists in Concrete CMS prior to version 9.2.3, which stems from a stored cross-site scripting attack via Layout Preset...

4.8CVSS6AI score0.0049EPSS
Exploits0References3
cvelist
cvelist
added 2023/12/25 12:0 a.m.35 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

5.7AI score0.0049EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/12/25 12:0 a.m.9 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

5.8AI score0.0049EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/25 12:0 a.m.6 views

PT-2023-30871 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and earlier Concrete CMS versions 9.0.0 through 9.2.2 Description: The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system...

4.8CVSS6.1AI score0.0049EPSS
Exploits0References10
osv
osv
added 2023/12/25 12:0 a.m.8 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS4.8AI score0.0049EPSS
Exploits0References4
Rows per page
Query Builder