Concrete5

Concrete5

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-6905

  • EPSS 0.24%
  • Veröffentlicht 15.03.2017 00:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could ...

6.1

CVE-2017-6908

Exploit
  • EPSS 0.31%
  • Veröffentlicht 15.03.2017 00:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arb...

4.3

CVE-2015-3989

  • EPSS 0.26%
  • Veröffentlicht 15.05.2015 18:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.

4.3

CVE-2015-2250

Exploit
  • EPSS 0.39%
  • Veröffentlicht 15.05.2015 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) chann...

4.3

CVE-2014-9526

Exploit
  • EPSS 0.37%
  • Veröffentlicht 05.01.2015 21:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instan...

5

CVE-2014-5107

  • EPSS 1.3%
  • Veröffentlicht 28.07.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mai...

4.3

CVE-2014-5108

  • EPSS 0.45%
  • Veröffentlicht 28.07.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

4.3

CVE-2012-5181

  • EPSS 0.49%
  • Veröffentlicht 21.12.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.