RSS   Vulnerabilities for 'Concrete cms'   RSS

2021-03-18
 
CVE-2021-28145

CWE-79
 
 
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.

 
2020-01-14
 
CVE-2011-3183

CWE-79
 
 
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.

 

Copyright 2024, cxsecurity.com

 

Back to Top