concrete5/concrete5 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID | Severity | Package summary
CVE-2024-1246 | Low | concrete5/concrete5: Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
CVE-2024-1245 | Low | concrete5/concrete5: Concrete CMS vulnerable to stored XSS in file tags and description attributes
CVE-2024-1247 | Low | concrete5/concrete5: Concrete CMS vulnerable to stored XSS via the Role Name field
CVE-2023-48652 | Medium | concrete5/concrete5: Concrete CMS Cross Site Request Forgery (CSRF)
CVE-2023-48648 | Medium | concrete5/concrete5: Concrete CMS allows unauthorized access because directories can be created with insecure permissions
CVE-2023-48649 | Low | concrete5/concrete5: Concrete CMS Cross-site Scripting vulnerability
CVE-2023-44760 | Medium | concrete5/concrete5: Concrete CMS Cross-site Scripting vulnerability
CVE-2023-44763 | Medium | concrete5/concrete5: ConcreteCMS vulnerable to Stored Cross-site Scripting
CVE-2023-44766 | Medium | concrete5/concrete5: ConcreteCMS Cross-site Scripting vulnerability
CVE-2023-44765 | Medium | concrete5/concrete5: ConcreteCMS Cross-site Scripting vulnerability
CVE-2023-44761 | Medium | concrete5/concrete5: ConcreteCMS Cross-site Scripting vulnerability
CVE-2023-44762 | Medium | concrete5/concrete5: ConcreteCMS Cross-site Scripting vulnerability
CVE-2023-44764 | Medium | concrete5/concrete5: ConcreteCMS Cross-site Scripting vulnerability
CVE-2022-43695 | Medium | concrete5/concrete5: Concrete CMS Cross-site Scripting vulnerability
CVE-2023-28821 | Medium | concrete5/concrete5: Missing rate limit for password resets
CVE-2023-28820 | Low | concrete5/concrete5: Stored cross site scripting in RSS displayer
CVE-2023-28477 | Medium | concrete5/concrete5: Stored cross site scripting on API integration
CVE-2023-28819 | Low | concrete5/concrete5: Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
CVE-2023-28475 | Medium | concrete5/concrete5: Reflected cross site scripting
CVE-2023-28476 | Medium | concrete5/concrete5: Stored cross site scripting on tags
CVE-2023-28473 | Critical | concrete5/concrete5: Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
CVE-2023-28472 | Medium | concrete5/concrete5: Concrete CMS missing secure cookie parameters
CVE-2023-28474 | Medium | concrete5/concrete5: Stored cross site scripting on saved presets
CVE-2023-28471 | Medium | concrete5/concrete5: Stored cross site scripting via container name
CVE-2022-43556 | Medium | concrete5/concrete5: Concrete CMS vulnerable to cross-site scripting in the text input field
