Concretecms

Concrete Cms

166 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2025-2967

  • EPSS 0.03%
  • Veröffentlicht 31.03.2025 01:15:40
  • Zuletzt bearbeitet 04.04.2025 01:15:39

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

3.5

CVE-2025-2968

  • EPSS 0.03%
  • Veröffentlicht 31.03.2025 01:15:40
  • Zuletzt bearbeitet 04.04.2025 01:15:39

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

3.5

CVE-2025-2966

  • EPSS 0.03%
  • Veröffentlicht 31.03.2025 00:15:14
  • Zuletzt bearbeitet 04.04.2025 01:15:39

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

3.5

CVE-2025-2965

  • EPSS 0.03%
  • Veröffentlicht 30.03.2025 23:15:41
  • Zuletzt bearbeitet 04.04.2025 01:15:39

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

3.5

CVE-2025-2964

  • EPSS 0.03%
  • Veröffentlicht 30.03.2025 23:15:40
  • Zuletzt bearbeitet 04.04.2025 01:15:39

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

5.1

CVE-2025-2963

  • EPSS 0.03%
  • Veröffentlicht 30.03.2025 22:15:15
  • Zuletzt bearbeitet 03.04.2025 23:15:38

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

4.8

CVE-2025-0660

  • EPSS 0.3%
  • Veröffentlicht 10.03.2025 20:57:57
  • Zuletzt bearbeitet 04.09.2025 15:54:11

Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.  The Concrete CMS security team gave thi...

4.8

CVE-2024-8291

  • EPSS 0.49%
  • Veröffentlicht 25.09.2024 01:15:46
  • Zuletzt bearbeitet 17.01.2025 22:15:29

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 w...

5.4

CVE-2024-7398

  • EPSS 0.45%
  • Veröffentlicht 25.09.2024 01:15:45
  • Zuletzt bearbeitet 21.01.2025 00:15:25

Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars...

4.8

CVE-2024-8660

  • EPSS 0.27%
  • Veröffentlicht 17.09.2024 19:15:28
  • Zuletzt bearbeitet 23.09.2024 23:00:00

Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could...