| CVE-2017-7725 |
medium |
6.1 |
7.1 |
|
|
|
9y ago |
Concrete CMS vulnerable to cross-site scripting (XSS) |
| CVE-2015-3989 |
medium |
— |
4.3 |
|
|
|
11y ago |
concrete5 vulnerable to Cross-site Scripting |
| CVE-2012-5181 |
medium |
— |
4.3 |
|
|
|
14y ago |
Concrete5 Vulnerable to Cross-Site Scripting (XSS) |
| CVE-2025-8573 |
unknown |
— |
1.0 |
|
|
|
10mo ago |
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page |
| CVE-2026-30662 |
unknown |
— |
— |
|
|
|
2mo ago |
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads |
| CVE-2026-3242 |
unknown |
— |
— |
|
|
|
3mo ago |
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2026-2994 |
unknown |
— |
— |
|
|
|
3mo ago |
Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2026-3240 |
unknown |
— |
— |
|
|
|
3mo ago |
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2026-3452 |
unknown |
— |
— |
|
|
|
3mo ago |
Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection |
| CVE-2026-3241 |
unknown |
— |
— |
|
|
|
3mo ago |
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2026-3244 |
unknown |
— |
— |
|
|
|
3mo ago |
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2022-50807 |
unknown |
— |
— |
|
|
|
5mo ago |
Concrete5 CMS contains an XPath injection vulnerability |
| CVE-2025-8571 |
unknown |
— |
— |
|
|
|
10mo ago |
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page |
| CVE-2025-3153 |
unknown |
— |
— |
|
|
|
1y ago |
Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| CVE-2025-2967 |
unknown |
— |
— |
|
|
|
1y ago |
ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field |
| CVE-2025-0660 |
unknown |
— |
— |
|
|
|
1y ago |
Concrete CMS affected by a stored XSS in Folder Function.The "Add Folder" functionality |
| CVE-2024-8291 |
unknown |
— |
— |
|
|
|
2y ago |
Cross site scripting in Concrete CMS |
| CVE-2024-7398 |
unknown |
— |
— |
|
|
|
2y ago |
Cross site scripting in Concrete CMS |
| CVE-2024-8660 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block |
| CVE-2024-8661 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS in the "Next&Previous Nav" block |
| CVE-2024-7512 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS vulnerable to Stored Cross-site Scripting |
| CVE-2024-4350 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored Cross-site Scripting vulnerability |
| CVE-2024-7394 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS in getAttributeSetName |
| CVE-2024-4353 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS vulnerable to Stored Cross-site Scripting |
| CVE-2024-3181 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS in the Search Field |
| CVE-2024-3178 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter |
| CVE-2024-3180 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS in blocks of type file |
| CVE-2024-3179 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS in the Custom Class page editing |
| CVE-2024-2753 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS on the calendar color settings screen |
| CVE-2024-2179 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored Cross-site Scripting vulnerability |
| CVE-2023-48653 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-48650 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS in Layout Preset Name |
| CVE-2023-48651 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-49337 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS Stored XSS |
| CVE-2024-1245 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS vulnerable to stored XSS in file tags and description attributes |
| CVE-2024-1246 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature |
| CVE-2024-1247 |
unknown |
— |
— |
|
|
|
2y ago |
Concrete CMS vulnerable to stored XSS via the Role Name field |
| CVE-2023-48652 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS Cross Site Request Forgery (CSRF) |
| CVE-2023-48649 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS Cross-site Scripting vulnerability |
| CVE-2023-48648 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS allows unauthorized access because directories can be created with insecure permissions |
| CVE-2023-44760 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS Cross-site Scripting vulnerability |
| CVE-2023-44763 |
unknown |
— |
— |
|
|
|
3y ago |
ConcreteCMS vulnerable to Stored Cross-site Scripting |
| CVE-2023-44766 |
unknown |
— |
— |
|
|
|
3y ago |
ConcreteCMS Cross-site Scripting vulnerability |
| CVE-2023-44764 |
unknown |
— |
— |
|
|
|
3y ago |
ConcreteCMS Cross-site Scripting vulnerability |
| CVE-2023-44765 |
unknown |
— |
— |
|
|
|
3y ago |
ConcreteCMS Cross-site Scripting vulnerability |
| CVE-2023-44762 |
unknown |
— |
— |
|
|
|
3y ago |
ConcreteCMS Cross-site Scripting vulnerability |
| CVE-2023-44761 |
unknown |
— |
— |
|
|
|
3y ago |
ConcreteCMS Cross-site Scripting vulnerability |
| CVE-2022-43695 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS Cross-site Scripting vulnerability |
| CVE-2023-28477 |
unknown |
— |
— |
|
|
|
3y ago |
Stored cross site scripting on API integration |
| CVE-2023-28820 |
unknown |
— |
— |
|
|
|
3y ago |
Stored cross site scripting in RSS displayer |
| CVE-2023-28819 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names |
| CVE-2023-28821 |
unknown |
— |
— |
|
|
|
3y ago |
Missing rate limit for password resets |
| CVE-2023-28475 |
unknown |
— |
— |
|
|
|
3y ago |
Reflected cross site scripting |
| CVE-2023-28474 |
unknown |
— |
— |
|
|
|
3y ago |
Stored cross site scripting on saved presets |
| CVE-2023-28476 |
unknown |
— |
— |
|
|
|
3y ago |
Stored cross site scripting on tags |
| CVE-2023-28473 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section |
| CVE-2023-28471 |
unknown |
— |
— |
|
|
|
3y ago |
Stored cross site scripting via container name |
| CVE-2023-28472 |
unknown |
— |
— |
|
|
|
3y ago |
Concrete CMS missing secure cookie parameters |
| CVE-2022-43556 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to cross-site scripting in the text input field |
| CVE-2022-43692 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Reflected Cross-site Scripting |
| CVE-2022-43694 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library |
| CVE-2022-43688 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Cross-site Scripting |
| CVE-2022-43691 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information |
| CVE-2022-43686 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS |
| CVE-2022-43687 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Session Fixation |
| CVE-2022-43968 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons |
| CVE-2022-43967 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Cross-site Scripting via multilingual report |
| CVE-2022-43689 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to XML External Entity |
| CVE-2022-43690 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Improper Authentication |
| CVE-2022-43693 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS vulnerable to Cross-site Request Forgery |
| CVE-2021-28145 |
unknown |
— |
— |
|
|
|
4y ago |
Concrete CMS Cross-site Scripting via Survey Blocks |
| CVE-2021-22954 |
unknown |
— |
— |
|
|
|
4y ago |
Cross Site Request Forgery in concrete5/concrete5 |
| CVE-2020-14961 |
unknown |
— |
— |
|
|
|
4y ago |
Unrestricted Uploads in Concrete5 |
| CVE-2020-11476 |
unknown |
— |
— |
|
|
|
5y ago |
Unrestricted Uploads in Concrete5 |
| CVE-2021-22958 |
unknown |
— |
— |
|
|
|
5y ago |
Server-Side Request Forgery vulnerability in concrete5 |