12 matches found
EUVD-2025-23659
Malicious code in bioql PyPI...
CVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerabili...
Cross-site Scripting (XSS)
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Home Folder process on the Members Dashboard page. An attacker can execute arbitrary scripts in the context of another user's session by setting up a...
GHSA-C5XF-RMV4-J85H Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login...
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login...
CVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
CVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
CVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are affected by a Stored XSS in the Home Folder on the Members Dashboard page. An administrator could create a malicious folder whose XSS payload is triggered when users are directed there upon login. Version 8 is not affected. Remediation observed in the con...
CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
Concrete CMS 安全漏洞
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS versions 9 through 9.4.2, which stems from a stored cross-site scripting vulnerability in the Members Dashboard page...
PT-2025-31998 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.4.2 Description: Concrete CMS versions 9 through 9.4.2 are susceptible to Stored Cross-Site Scripting XSS originating from the Home Folder on the Members Dashboard page. A malicious administrator could...