Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 7:51 a.m.6 views

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/04 6:25 a.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Legacy Form block when an authenticated user with permissions to create or edit forms injects malicious JavaScript into the options of a multiple-choice question. An attacker can execute arbitrary script...

4.8CVSS5.7AI score0.00208EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 2:12 a.m.5 views

CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/04 2:12 a.m.5 views

CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2
CVE
CVE
added 2026/03/04 2:12 a.m.20 views

CVE-2026-3241

Concrete CMS versions below 9.4.8 are affected by a stored XSS in the Legacy Form block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple‑choice question (Checkbox List, Radio But...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/04 2:12 a.m.28 views

CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS0.00208EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.10 views

PT-2026-22866

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the Legacy Form block, which could allow malicious JavaScript...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8855

Malicious code in bioql PyPI...

5.1CVSS6.6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/01 10:50 p.m.16 views

CVE-2025-2963

A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. This issue affects the function addEditQuestion of the component Legacy Form Block Handler. The manipulation of the argument Question leads to cross site scripting. The attack may be initiated remotel...

6.3AI score
Exploits0References6
NVD
NVD
added 2025/03/30 10:15 p.m.12 views

CVE-2025-2963

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
CVE
CVE
added 2025/03/30 10:0 p.m.55 views

CVE-2025-2963

CVE-2025-2963 is rejected/not used and does not represent an active vulnerability entry.

6.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/30 10:0 p.m.7 views

CVE-2025-2963

...

6.6AI score
Exploits0
Cvelist
Cvelist
added 2025/03/30 10:0 p.m.13 views

CVE-2025-2963

...

Exploits0
Rows per page
Query Builder