VYPR

Concrete5

by Concrete5

Source repositories

CVEs (89)

  • CVE-2018-13790HigJul 9, 2018
    risk 0.47cvss 7.2epss 0.01

    A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.

  • CVE-2017-7725MedApr 13, 2017
    risk 0.43cvss 6.1epss 0.03

    concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host…

  • CVE-2017-8082MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.01

    concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results…

  • CVE-2026-8135HigMay 21, 2026
    risk 0.40cvss 7.2epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism (_fromCIF ===…

  • CVE-2026-8134HigMay 21, 2026
    risk 0.40cvss 7.2epss 0.01

    Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include…

  • CVE-2015-4721MedSep 7, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.

  • CVE-2017-6908MedMar 15, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code…

  • CVE-2017-6905MedMar 15, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and…

  • CVE-2026-8435MedMay 21, 2026
    risk 0.35cvss 6.5epss 0.00

    Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC…

  • CVE-2026-7890MedMay 21, 2026
    risk 0.35cvss 6.4epss 0.00

    In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses.  The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a…

  • CVE-2026-7887MedMay 21, 2026
    risk 0.35cvss 6.4epss 0.00

    For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this…

  • CVE-2026-8140MedMay 21, 2026
    risk 0.35cvss 6.5epss 0.00

    Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download() method in concrete/controllers/single_page/dashboard/extend/install.php checks only the canInstallPackages() permission before…

  • CVE-2026-8353MedMay 22, 2026
    risk 0.31cvss 4.8epss 0.00

    Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking,…

  • CVE-2026-8245MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" (). Any authenticated admin or…

  • CVE-2026-8139MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/V…

  • CVE-2026-8203MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session…

  • CVE-2026-8337MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the…

  • CVE-2026-8240MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The…

  • CVE-2026-8239MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with…

  • CVE-2026-8238MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages,…

Page 2 of 5