concrete5/concrete5 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-3244Mediumconcrete5/concrete5: Concrete CMS has a stored Cross-site Scripting (XSS) vulnerabilityCVE-2022-50807Mediumconcrete5/concrete5: Concrete5 CMS contains an XPath injection vulnerabilityCVE-2025-8573Lowconcrete5/concrete5: Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard pageCVE-2025-8571Mediumconcrete5/concrete5: Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard…CVE-2025-3153Mediumconcrete5/concrete5: Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)CVE-2025-2967Mediumconcrete5/concrete5: ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text FieldCVE-2025-0660Mediumconcrete5/concrete5: Concrete CMS affected by a stored XSS in Folder Function.The "Add Folder" functionalityCVE-2024-8291Mediumconcrete5/concrete5: Cross site scripting in Concrete CMSCVE-2024-7398Mediumconcrete5/concrete5: Cross site scripting in Concrete CMSCVE-2024-8660Mediumconcrete5/concrete5: Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" blockCVE-2024-8661Mediumconcrete5/concrete5: Concrete CMS Stored XSS in the "Next&Previous Nav" blockCVE-2024-7512Lowconcrete5/concrete5: Concrete CMS vulnerable to Stored Cross-site ScriptingCVE-2024-4350Mediumconcrete5/concrete5: Concrete CMS Stored Cross-site Scripting vulnerabilityCVE-2024-7394Mediumconcrete5/concrete5: Concrete CMS Stored XSS in getAttributeSetNameCVE-2024-4353Mediumconcrete5/concrete5: Concrete CMS vulnerable to Stored Cross-site ScriptingCVE-2024-3180Lowconcrete5/concrete5: Concrete CMS Stored XSS in blocks of type fileCVE-2024-3181Lowconcrete5/concrete5: Concrete CMS Stored XSS in the Search FieldCVE-2024-3179Lowconcrete5/concrete5: Concrete CMS Stored XSS in the Custom Class page editingCVE-2024-3178Lowconcrete5/concrete5: Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search FilterCVE-2024-2753Lowconcrete5/concrete5: Concrete CMS Stored XSS on the calendar color settings screenCVE-2024-2179Lowconcrete5/concrete5: Concrete CMS Stored Cross-site Scripting vulnerabilityCVE-2023-48653Mediumconcrete5/concrete5: Concrete CMS Cross Site Request Forgery (CSRF) vulnerabilityCVE-2023-48651Mediumconcrete5/concrete5: Concrete CMS Cross Site Request Forgery (CSRF) vulnerabilityCVE-2023-49337Lowconcrete5/concrete5: Concrete CMS Stored XSSCVE-2023-48650Mediumconcrete5/concrete5: Concrete CMS Stored XSS in Layout Preset Name

Stop the waste.
Protect your environment with Kodem.