Known Vulnerabilities for products from Concrete5
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Concrete5".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41465 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 18.104.22.168 and below allo... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41464 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 22.214.171.124 and below allows... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41463 | Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-l... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41462 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 126.96.36.199 and below allows... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-41461 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 188.8.131.52 and below allows... | 6.1 - MEDIUM | 2021-10-01 | 2021-10-01 |
| CVE-2021-36766 | Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashbo... | 7.2 - HIGH | 2021-07-30 | 2021-09-22 |
| CVE-2021-22958 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address... | 9.8 - CRITICAL | 2021-10-07 | 2021-10-15 |
| CVE-2021-3111 | The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/da... | 4.8 - MEDIUM | 2021-01-08 | 2021-07-22 |
| CVE-2020-24986 | Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manag... | 7.2 - HIGH | 2020-09-04 | 2020-09-11 |
| CVE-2020-14961 | Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | 5.3 - MEDIUM | 2020-06-22 | 2020-06-30 |
| CVE-2020-11476 | Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 7.2 - HIGH | 2020-07-28 | 2020-07-31 |
| CVE-2018-19146 | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML dat... | 4.8 - MEDIUM | 2019-06-17 | 2021-07-15 |
| CVE-2018-13790 | A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks... | 7.2 - HIGH | 2018-07-09 | 2021-07-15 |
| CVE-2017-18195 | An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate... | 5.3 - MEDIUM | 2018-02-26 | 2018-03-22 |
| CVE-2017-8082 | concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire install... | 6.5 - MEDIUM | 2017-04-24 | 2021-07-15 |
| CVE-2017-7725 | concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonic... | 6.1 - MEDIUM | 2017-04-13 | 2021-07-15 |
| CVE-2017-6908 | An issue was discovered in concrete5 <= 184.108.40.206. The vulnerability exists due to insufficient filtration of user-supplied dat... | 6.1 - MEDIUM | 2017-03-15 | 2017-03-22 |
| CVE-2017-6905 | An issue was discovered in concrete5 <= 220.127.116.11. The vulnerability exists due to insufficient filtration of user-supplied dat... | 6.1 - MEDIUM | 2017-03-15 | 2017-03-23 |
| CVE-2015-4724 | SQL injection vulnerability in Concrete5 18.104.22.168. | 8.8 - HIGH | 2017-09-07 | 2021-07-15 |
| CVE-2015-4721 | Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 22.214.171.124. | 6.1 - MEDIUM | 2017-09-07 | 2021-07-15 |
Known software with vulnerabilities from Concrete5