Known Vulnerabilities for products from Concrete5

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Concrete5".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2021-41465 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allo... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41464 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41463 | Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-l... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41462 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41461 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-36766 | Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashbo... | 7.2 - HIGH | 2021-07-30 | 2021-09-22 |
| CVE-2021-22958 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address... | 9.8 - CRITICAL | 2021-10-07 | 2021-10-15 |
| CVE-2021-3111 | The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/da... | 4.8 - MEDIUM | 2021-01-08 | 2021-07-22 |
| CVE-2020-24986 | Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manag... | 7.2 - HIGH | 2020-09-04 | 2020-09-11 |
| CVE-2020-14961 | Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | 5.3 - MEDIUM | 2020-06-22 | 2020-06-30 |
| CVE-2020-11476 | Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 7.2 - HIGH | 2020-07-28 | 2020-07-31 |
| CVE-2018-19146 | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML dat... | 4.8 - MEDIUM | 2019-06-17 | 2021-07-15 |
| CVE-2018-13790 | A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks... | 7.2 - HIGH | 2018-07-09 | 2021-07-15 |
| CVE-2017-18195 | An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate... | 5.3 - MEDIUM | 2018-02-26 | 2018-03-22 |
| CVE-2017-8082 | concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire install... | 6.5 - MEDIUM | 2017-04-24 | 2021-07-15 |
| CVE-2017-7725 | concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonic... | 6.1 - MEDIUM | 2017-04-13 | 2021-07-15 |
| CVE-2017-6908 | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied dat... | 6.1 - MEDIUM | 2017-03-15 | 2017-03-22 |
| CVE-2017-6905 | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied dat... | 6.1 - MEDIUM | 2017-03-15 | 2017-03-23 |
| CVE-2015-4724 | SQL injection vulnerability in Concrete5 5.7.3.1. | 8.8 - HIGH | 2017-09-07 | 2021-07-15 |
| CVE-2015-4721 | Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | 6.1 - MEDIUM | 2017-09-07 | 2021-07-15 |

Known software with vulnerabilities from Concrete5

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Application | Concrete5 | Concrete5 | 5.4.2 |


© CVE.report 2021


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
