CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

RedhatCVE•added 2026/03/05 7:51 a.m.•5 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector...

4.8CVSS5.9AI score0.00212EPSS

Exploits1References1

RedhatCVE•added 2026/03/05 7:51 a.m.•6 views

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS

Exploits1References1

Snyk•added 2026/03/04 6:27 a.m.•5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Question field in the Legacy form element. An attacker can execute arbitrary JavaScript code in the context of a high-privilege user's browser by submitting crafted input that is later rendered when the...

4.8CVSS5.7AI score0.00212EPSS

Exploits1References2

Snyk•added 2026/03/04 6:25 a.m.•3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Legacy Form block when an authenticated user with permissions to create or edit forms injects malicious JavaScript into the options of a multiple-choice question. An attacker can execute arbitrary script...

4.8CVSS5.7AI score0.00208EPSS

Exploits1References2

EUVD•added 2026/03/04 3:31 a.m.•6 views

EUVD-2026-9358

4.8CVSS5.9AI score0.00212EPSS

Exploits1References3

EUVD•added 2026/03/04 3:31 a.m.•4 views

EUVD-2026-9359

4.8CVSS5.8AI score0.00208EPSS

Exploits1References3

Github Security Blog•added 2026/03/04 3:31 a.m.•6 views

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a Cross-site Scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice question...

4.8CVSS5.9AI score0.00208EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/03/04 3:31 a.m.•7 views

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...

4.8CVSS5.9AI score0.00212EPSS

Exploits1References4Affected Software1

OSV•added 2026/03/04 3:31 a.m.•4 views

GHSA-45FJ-FVMM-XCC5 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...

4.8CVSS5.9AI score0.00212EPSS

Exploits1References4

OSV•added 2026/03/04 3:31 a.m.•4 views

GHSA-F4VQ-PJ32-GR4Q Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

4.8CVSS5.9AI score0.00208EPSS

Exploits1References4

OSV•added 2026/03/04 3:16 a.m.•4 views

CVE-2026-3241

4.8CVSS5.6AI score

Exploits0References2