8 matches found
CVE-2026-8245
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
EUVD-2026-31357
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2026-8245
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2026-8245
Concrete CMS 9.5.0 and earlier is vulnerable to a Reflected XSS in Legacy Pagination. The flaw occurs because Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating the $URL field into href, allowing an attacker to craft a URL that injects HTML into the link tag. An authenti...
PT-2026-42563
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Reflected Cross-Site Scripting XSS occurs in Legacy Pagination through HTML attribute injection. The ConcreteCoreLegacyPagination class constructs pagination links by raw-interpolating the $URL...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability, which stems from a reflective cross-site scripting attack via HTML attribute injection in Legacy Pagination...