17 matches found
CVE-2026-3242
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Switch Language block. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts through this component. Details: Cross-site scripting or XSS is a code...
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team thanks M3dium for reporting...
GHSA-W9QG-CHFH-G3Q9 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team thanks M3dium for reporting...
CVE-2026-3242
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2026-3242
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2026-3242
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2026-3242 Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2026-3242 Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2026-3242
Concrete CMS
Concrete CMS security vulnerability
Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from a stored cross-site scripting vulnerability in the Switch Language block, which could allow malicious...
PT-2026-22867
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2025-7206
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub410DDC of the file switchlanguage.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated...
D-Link DIR-825 security vulnerability
The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the failure of Language, a parameter of the function sub410DDC in the file switchlanguage.cgi in the httpd component,...
CVE-2025-2970
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2970
...
CVE-2025-2970
ConcreteCMS (up to 9.3.9) is affected by a cross-site scripting (XSS) flaw in the Switch Language Block Handler. The vulnerability arises from improper handling of the Label argument, enabling an attacker to inject scripts that get executed by end users’ browsers, potentially enabling cookie thef...