14 matches found
CVE-2026-3241
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Legacy Form block when an authenticated user with permissions to create or edit forms injects malicious JavaScript into the options of a multiple-choice question. An attacker can execute arbitrary script...
CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
CVE-2026-3241
Concrete CMS versions below 9.4.8 are affected by a stored XSS in the Legacy Form block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple‑choice question (Checkbox List, Radio But...
CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
PT-2026-22866
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the Legacy Form block, which could allow malicious JavaScript...
EUVD-2025-8855
Malicious code in bioql PyPI...
CVE-2025-2963
A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. This issue affects the function addEditQuestion of the component Legacy Form Block Handler. The manipulation of the argument Question leads to cross site scripting. The attack may be initiated remotel...
CVE-2025-2963
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2963
CVE-2025-2963 is rejected/not used and does not represent an active vulnerability entry.
CVE-2025-2963
...
CVE-2025-2963
...