CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2025/05/23 4:41 a.m.•5 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.8AI score0.01073EPSS

Exploits0

Veracode•added 2024/03/04 7:13 a.m.•15 views

Cross-site Scripting (XSS)

Concrete CMS is vulnerable to cross-site scripting. The vulnerability is due to improper input validation, allowing an administrator to inject malicious code through the Layout Preset name, posing a risk of executing unauthorized scripts within the context of the targeted user's browser...

4.8CVSS6.8AI score0.01073EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2024/02/29 3:33 a.m.•18 views

Concrete CMS Stored XSS in Layout Preset Name

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.8AI score0.01073EPSS

Exploits0References6Affected Software1

OSV•added 2024/02/29 3:33 a.m.•11 views

GHSA-X577-GCC9-9XJJ Concrete CMS Stored XSS in Layout Preset Name

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS4.7AI score0.01073EPSS

Exploits0References6

ATTACKERKB•added 2024/02/29 1:41 a.m.•1 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.8AI score0.01073EPSS

Exploits0References3

NVD•added 2024/02/29 1:41 a.m.•8 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS5.6AI score0.01073EPSS

Exploits0References2

OSV•added 2024/02/29 1:41 a.m.•3 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8CVSS4.8AI score

Exploits0References2

Prion•added 2024/02/29 1:41 a.m.•8 views

Cross site scripting

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

6.1AI score0.01073EPSS

Exploits0References2

CNNVD•added 2024/02/29 12:0 a.m.•1 views

PortlandLabs Concrete CMS Security Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A security vulnerability exists in Concrete CMS prior to version 9.2.3, which stems from a stored cross-site scripting attack via Layout Preset...

4.8CVSS6AI score0.01073EPSS

Exploits0References3

Cvelist•added 2023/12/25 12:0 a.m.•10 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

5.7AI score0.01073EPSS

Exploits0References2

Positive Technologies•added 2023/12/25 12:0 a.m.•2 views

PT-2023-30871 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and earlier Concrete CMS versions 9.0.0 through 9.2.2 Description: The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system...

4.8CVSS6.1AI score0.01073EPSS

Exploits0References10