Skip to main content

Concrete5

8 CVEs product

Monthly

CVE-2017-6908 MEDIUM POC PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Concrete5
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6905 MEDIUM PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Concrete5
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-3989 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Concrete5
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2250 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Concrete5
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9526 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Concrete5 Concrete Cms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5108 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Concrete5 Concrete Cms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5107 MEDIUM This Month

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Concrete5 Concrete Cms
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2012-5181 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Concrete5
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Concrete5
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Concrete5
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Concrete5
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Concrete5
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Concrete5 +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Concrete5 +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Concrete5 +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Concrete5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy