Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8245

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.5AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 12:31 a.m.11 views

EUVD-2026-31357

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:14 p.m.4 views

CVE-2026-8245

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 9:14 p.m.7 views

CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:14 p.m.34 views

CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:14 p.m.19 views

CVE-2026-8245

Concrete CMS 9.5.0 and earlier is vulnerable to a Reflected XSS in Legacy Pagination. The flaw occurs because Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating the $URL field into href, allowing an attacker to craft a URL that injects HTML into the link tag. An authenti...

6CVSS5.8AI score0.00139EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability, which stems from a reflective cross-site scripting attack via HTML attribute injection in Legacy Pagination...

6CVSS5.7AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42563

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Reflected Cross-Site Scripting XSS occurs in Legacy Pagination through HTML attribute injection. The ConcreteCoreLegacyPagination class constructs pagination links by raw-interpolating the $URL...

6CVSS5.8AI score0.00139EPSS
Exploits0References4
Rows per page
Query Builder