Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/concrete5/concrete5@8.5.9
Typecomposer
Namespaceconcrete5
Nameconcrete5
Version8.5.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.8
Latest_non_vulnerable_version9.4.8
Affected_by_vulnerabilities
0
url VCID-1zw6-abpq-aqee
vulnerability_id VCID-1zw6-abpq-aqee
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28476
reference_id
reference_type
scores
0
value 0.01758
scoring_system epss
scoring_elements 0.83067
published_at 2026-06-12T12:55:00Z
1
value 0.01758
scoring_system epss
scoring_elements 0.83071
published_at 2026-06-14T12:55:00Z
2
value 0.01758
scoring_system epss
scoring_elements 0.83075
published_at 2026-06-13T12:55:00Z
3
value 0.01758
scoring_system epss
scoring_elements 0.83005
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28476
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28476
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28476
3
reference_url https://github.com/advisories/GHSA-2ggc-552c-rmqr
reference_id GHSA-2ggc-552c-rmqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ggc-552c-rmqr
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28476, GHSA-2ggc-552c-rmqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1zw6-abpq-aqee
1
url VCID-2a3x-n2fy-eqce
vulnerability_id VCID-2a3x-n2fy-eqce
summary Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3180
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28128
published_at 2026-06-12T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28142
published_at 2026-06-14T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28153
published_at 2026-06-13T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.2793
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3180
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
3
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id 8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id 928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3180
reference_id CVE-2024-3180
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3180
7
reference_url https://github.com/advisories/GHSA-9qhc-pg6j-wf23
reference_id GHSA-9qhc-pg6j-wf23
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qhc-pg6j-wf23
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-hdw7-spv5-k3c6
7
vulnerability VCID-htqe-191f-1yab
8
vulnerability VCID-nahk-p3f1-8bee
9
vulnerability VCID-nuz6-12nr-2yga
10
vulnerability VCID-qndd-2vmq-guen
11
vulnerability VCID-rkx3-e4r3-c3gh
12
vulnerability VCID-tt5n-k5h8-xufp
13
vulnerability VCID-v39f-kpce-2qhz
14
vulnerability VCID-vdtu-qtuw-v3fs
15
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-9z1s-b811-3ug2
2
vulnerability VCID-c2xh-rq7d-wqey
3
vulnerability VCID-d4bd-m93f-aqf2
4
vulnerability VCID-dgf1-ded8-4uef
5
vulnerability VCID-dx1t-b982-5ucd
6
vulnerability VCID-eyep-q35n-ebcv
7
vulnerability VCID-g134-5qhy-mudn
8
vulnerability VCID-hdw7-spv5-k3c6
9
vulnerability VCID-htqe-191f-1yab
10
vulnerability VCID-nahk-p3f1-8bee
11
vulnerability VCID-nuz6-12nr-2yga
12
vulnerability VCID-pgfy-52ca-wbbf
13
vulnerability VCID-qndd-2vmq-guen
14
vulnerability VCID-rkx3-e4r3-c3gh
15
vulnerability VCID-tt5n-k5h8-xufp
16
vulnerability VCID-v39f-kpce-2qhz
17
vulnerability VCID-vdtu-qtuw-v3fs
18
vulnerability VCID-wau6-kvqa-pbgu
19
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3180, GHSA-9qhc-pg6j-wf23
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2a3x-n2fy-eqce
2
url VCID-2fk1-gqz6-kbcy
vulnerability_id VCID-2fk1-gqz6-kbcy
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28819
reference_id
reference_type
scores
0
value 0.02002
scoring_system epss
scoring_elements 0.84047
published_at 2026-06-11T12:55:00Z
1
value 0.02002
scoring_system epss
scoring_elements 0.84104
published_at 2026-06-12T12:55:00Z
2
value 0.02002
scoring_system epss
scoring_elements 0.84111
published_at 2026-06-13T12:55:00Z
3
value 0.02002
scoring_system epss
scoring_elements 0.84107
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28819
1
reference_url https://github.com/concretecms/concretecms/pull/11749
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11749
2
reference_url https://github.com/concretecms/concretecms/releases/tag/8.5.13
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/releases/tag/8.5.13
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28819
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28819
4
reference_url https://github.com/advisories/GHSA-474f-mcjv-pgrm
reference_id GHSA-474f-mcjv-pgrm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-474f-mcjv-pgrm
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.1.0
purl pkg:composer/concrete5/concrete5@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-4h16-ay16-qkcs
5
vulnerability VCID-542x-fkyy-sfcp
6
vulnerability VCID-56qq-9y15-nkb7
7
vulnerability VCID-683x-bjfm-j3hh
8
vulnerability VCID-69vg-twmj-jfb2
9
vulnerability VCID-71ae-y44g-kbbw
10
vulnerability VCID-7mj3-9jvf-vudw
11
vulnerability VCID-7whk-wmkw-vuec
12
vulnerability VCID-8war-c3pp-kuf5
13
vulnerability VCID-9j62-yk3f-bfgk
14
vulnerability VCID-9kyu-9sz6-1bea
15
vulnerability VCID-9z1s-b811-3ug2
16
vulnerability VCID-acs4-8efj-jqa5
17
vulnerability VCID-afq8-b83x-ckfn
18
vulnerability VCID-bbxq-cdbp-vucg
19
vulnerability VCID-c2xh-rq7d-wqey
20
vulnerability VCID-chav-mybs-syd2
21
vulnerability VCID-cyhv-k8b7-u3dc
22
vulnerability VCID-d263-cpsv-fkeg
23
vulnerability VCID-d4bd-m93f-aqf2
24
vulnerability VCID-dgf1-ded8-4uef
25
vulnerability VCID-dx1t-b982-5ucd
26
vulnerability VCID-eyep-q35n-ebcv
27
vulnerability VCID-fvdb-zeth-8qh7
28
vulnerability VCID-g134-5qhy-mudn
29
vulnerability VCID-g3pw-h46n-fyac
30
vulnerability VCID-gg3x-yz6u-nygp
31
vulnerability VCID-h56x-jv8r-a3aq
32
vulnerability VCID-h67e-b4s5-guac
33
vulnerability VCID-hdw7-spv5-k3c6
34
vulnerability VCID-he4r-v9gv-tkdh
35
vulnerability VCID-htqe-191f-1yab
36
vulnerability VCID-j9t7-y29v-6bb7
37
vulnerability VCID-m9p2-uh8x-zuh8
38
vulnerability VCID-mjce-crza-h7d4
39
vulnerability VCID-n6yd-31cx-zqh2
40
vulnerability VCID-nahk-p3f1-8bee
41
vulnerability VCID-nuz6-12nr-2yga
42
vulnerability VCID-pbwe-39av-sydg
43
vulnerability VCID-pd9w-6ke4-13hr
44
vulnerability VCID-pgfy-52ca-wbbf
45
vulnerability VCID-pt73-zjft-syhk
46
vulnerability VCID-qndd-2vmq-guen
47
vulnerability VCID-rgjf-p329-vbf8
48
vulnerability VCID-rkx3-e4r3-c3gh
49
vulnerability VCID-tgvt-rgwm-d7de
50
vulnerability VCID-tt5n-k5h8-xufp
51
vulnerability VCID-ty11-5ff4-s7av
52
vulnerability VCID-tzyh-y7uc-hff9
53
vulnerability VCID-v39f-kpce-2qhz
54
vulnerability VCID-vbae-fwnr-zff5
55
vulnerability VCID-vdtu-qtuw-v3fs
56
vulnerability VCID-w8rd-ssb2-pkgx
57
vulnerability VCID-wau6-kvqa-pbgu
58
vulnerability VCID-wqt4-uc3s-zbdn
59
vulnerability VCID-x48e-w1z4-57ab
60
vulnerability VCID-xfwe-ku14-gfe7
61
vulnerability VCID-yc8g-gqaj-8ycj
62
vulnerability VCID-yjan-urxm-g3a4
63
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0
aliases CVE-2023-28819, GHSA-474f-mcjv-pgrm
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fk1-gqz6-kbcy
3
url VCID-3514-7uhf-pufd
vulnerability_id VCID-3514-7uhf-pufd
summary Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3178
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28128
published_at 2026-06-12T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28142
published_at 2026-06-14T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28153
published_at 2026-06-13T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.2793
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3178
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
3
reference_url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
4
reference_url https://github.com/concretecms/concretecms/pull/11988
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11988
5
reference_url https://github.com/concretecms/concretecms/pull/11989
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11989
6
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id 8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
7
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id 928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3178
reference_id CVE-2024-3178
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3178
9
reference_url https://github.com/advisories/GHSA-xwrh-qxmc-x8c8
reference_id GHSA-xwrh-qxmc-x8c8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xwrh-qxmc-x8c8
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-hdw7-spv5-k3c6
7
vulnerability VCID-htqe-191f-1yab
8
vulnerability VCID-nahk-p3f1-8bee
9
vulnerability VCID-nuz6-12nr-2yga
10
vulnerability VCID-qndd-2vmq-guen
11
vulnerability VCID-rkx3-e4r3-c3gh
12
vulnerability VCID-tt5n-k5h8-xufp
13
vulnerability VCID-v39f-kpce-2qhz
14
vulnerability VCID-vdtu-qtuw-v3fs
15
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-9z1s-b811-3ug2
2
vulnerability VCID-c2xh-rq7d-wqey
3
vulnerability VCID-d4bd-m93f-aqf2
4
vulnerability VCID-dgf1-ded8-4uef
5
vulnerability VCID-dx1t-b982-5ucd
6
vulnerability VCID-eyep-q35n-ebcv
7
vulnerability VCID-g134-5qhy-mudn
8
vulnerability VCID-hdw7-spv5-k3c6
9
vulnerability VCID-htqe-191f-1yab
10
vulnerability VCID-nahk-p3f1-8bee
11
vulnerability VCID-nuz6-12nr-2yga
12
vulnerability VCID-pgfy-52ca-wbbf
13
vulnerability VCID-qndd-2vmq-guen
14
vulnerability VCID-rkx3-e4r3-c3gh
15
vulnerability VCID-tt5n-k5h8-xufp
16
vulnerability VCID-v39f-kpce-2qhz
17
vulnerability VCID-vdtu-qtuw-v3fs
18
vulnerability VCID-wau6-kvqa-pbgu
19
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3178, GHSA-xwrh-qxmc-x8c8
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3514-7uhf-pufd
4
url VCID-4h16-ay16-qkcs
vulnerability_id VCID-4h16-ay16-qkcs
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43695
reference_id
reference_type
scores
0
value 0.00521
scoring_system epss
scoring_elements 0.67375
published_at 2026-06-12T12:55:00Z
1
value 0.00521
scoring_system epss
scoring_elements 0.67388
published_at 2026-06-14T12:55:00Z
2
value 0.00521
scoring_system epss
scoring_elements 0.67284
published_at 2026-06-11T12:55:00Z
3
value 0.00521
scoring_system epss
scoring_elements 0.6739
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43695
1
reference_url https://github.com/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43695
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43695
3
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
5
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
6
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
7
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
8
reference_url https://github.com/advisories/GHSA-8699-h45g-7hm8
reference_id GHSA-8699-h45g-7hm8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8699-h45g-7hm8
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43695, GHSA-8699-h45g-7hm8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4h16-ay16-qkcs
5
url VCID-542x-fkyy-sfcp
vulnerability_id VCID-542x-fkyy-sfcp
summary 
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator   

Thank you Rikuto Tauchi for reporting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2753
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48202
published_at 2026-06-11T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48342
published_at 2026-06-14T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48339
published_at 2026-06-12T12:55:00Z
3
value 0.00247
scoring_system epss
scoring_elements 0.48356
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2753
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
3
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id 8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id 928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2753
reference_id CVE-2024-2753
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-2753
7
reference_url https://github.com/advisories/GHSA-pj42-r64f-4xfq
reference_id GHSA-pj42-r64f-4xfq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pj42-r64f-4xfq
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-hdw7-spv5-k3c6
7
vulnerability VCID-htqe-191f-1yab
8
vulnerability VCID-nahk-p3f1-8bee
9
vulnerability VCID-nuz6-12nr-2yga
10
vulnerability VCID-qndd-2vmq-guen
11
vulnerability VCID-rkx3-e4r3-c3gh
12
vulnerability VCID-tt5n-k5h8-xufp
13
vulnerability VCID-v39f-kpce-2qhz
14
vulnerability VCID-vdtu-qtuw-v3fs
15
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-9z1s-b811-3ug2
2
vulnerability VCID-c2xh-rq7d-wqey
3
vulnerability VCID-d4bd-m93f-aqf2
4
vulnerability VCID-dgf1-ded8-4uef
5
vulnerability VCID-dx1t-b982-5ucd
6
vulnerability VCID-eyep-q35n-ebcv
7
vulnerability VCID-g134-5qhy-mudn
8
vulnerability VCID-hdw7-spv5-k3c6
9
vulnerability VCID-htqe-191f-1yab
10
vulnerability VCID-nahk-p3f1-8bee
11
vulnerability VCID-nuz6-12nr-2yga
12
vulnerability VCID-pgfy-52ca-wbbf
13
vulnerability VCID-qndd-2vmq-guen
14
vulnerability VCID-rkx3-e4r3-c3gh
15
vulnerability VCID-tt5n-k5h8-xufp
16
vulnerability VCID-v39f-kpce-2qhz
17
vulnerability VCID-vdtu-qtuw-v3fs
18
vulnerability VCID-wau6-kvqa-pbgu
19
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-2753, GHSA-pj42-r64f-4xfq
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-542x-fkyy-sfcp
6
url VCID-56qq-9y15-nkb7
vulnerability_id VCID-56qq-9y15-nkb7
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43692
reference_id
reference_type
scores
0
value 0.00656
scoring_system epss
scoring_elements 0.71591
published_at 2026-06-13T12:55:00Z
1
value 0.00656
scoring_system epss
scoring_elements 0.71492
published_at 2026-06-11T12:55:00Z
2
value 0.00656
scoring_system epss
scoring_elements 0.71578
published_at 2026-06-12T12:55:00Z
3
value 0.00656
scoring_system epss
scoring_elements 0.71589
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43692
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb
3
reference_url https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037
4
reference_url https://github.com/concretecms/concretecms/pull/10996
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/10996
5
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
6
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
7
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
8
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
9
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43692
reference_id CVE-2022-43692
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43692
11
reference_url https://github.com/advisories/GHSA-rg6w-c352-p8pg
reference_id GHSA-rg6w-c352-p8pg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg6w-c352-p8pg
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43692, GHSA-rg6w-c352-p8pg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56qq-9y15-nkb7
7
url VCID-683x-bjfm-j3hh
vulnerability_id VCID-683x-bjfm-j3hh
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43689
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52667
published_at 2026-06-11T12:55:00Z
1
value 0.00289
scoring_system epss
scoring_elements 0.52792
published_at 2026-06-14T12:55:00Z
2
value 0.00289
scoring_system epss
scoring_elements 0.5281
published_at 2026-06-13T12:55:00Z
3
value 0.00289
scoring_system epss
scoring_elements 0.52795
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43689
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43689
reference_id CVE-2022-43689
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43689
8
reference_url https://github.com/advisories/GHSA-q48r-xg9h-78m8
reference_id GHSA-q48r-xg9h-78m8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q48r-xg9h-78m8
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.2
purl pkg:composer/concrete5/concrete5@9.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-4h16-ay16-qkcs
5
vulnerability VCID-542x-fkyy-sfcp
6
vulnerability VCID-56qq-9y15-nkb7
7
vulnerability VCID-69vg-twmj-jfb2
8
vulnerability VCID-71ae-y44g-kbbw
9
vulnerability VCID-7mj3-9jvf-vudw
10
vulnerability VCID-7whk-wmkw-vuec
11
vulnerability VCID-8war-c3pp-kuf5
12
vulnerability VCID-9j62-yk3f-bfgk
13
vulnerability VCID-9kyu-9sz6-1bea
14
vulnerability VCID-9z1s-b811-3ug2
15
vulnerability VCID-acs4-8efj-jqa5
16
vulnerability VCID-afq8-b83x-ckfn
17
vulnerability VCID-bbxq-cdbp-vucg
18
vulnerability VCID-c2xh-rq7d-wqey
19
vulnerability VCID-chav-mybs-syd2
20
vulnerability VCID-cyhv-k8b7-u3dc
21
vulnerability VCID-d263-cpsv-fkeg
22
vulnerability VCID-d4bd-m93f-aqf2
23
vulnerability VCID-dgf1-ded8-4uef
24
vulnerability VCID-dx1t-b982-5ucd
25
vulnerability VCID-eyep-q35n-ebcv
26
vulnerability VCID-fvdb-zeth-8qh7
27
vulnerability VCID-g134-5qhy-mudn
28
vulnerability VCID-g3pw-h46n-fyac
29
vulnerability VCID-gg3x-yz6u-nygp
30
vulnerability VCID-h56x-jv8r-a3aq
31
vulnerability VCID-h67e-b4s5-guac
32
vulnerability VCID-hdw7-spv5-k3c6
33
vulnerability VCID-he4r-v9gv-tkdh
34
vulnerability VCID-htqe-191f-1yab
35
vulnerability VCID-j9t7-y29v-6bb7
36
vulnerability VCID-m9p2-uh8x-zuh8
37
vulnerability VCID-mjce-crza-h7d4
38
vulnerability VCID-n6yd-31cx-zqh2
39
vulnerability VCID-nahk-p3f1-8bee
40
vulnerability VCID-nuz6-12nr-2yga
41
vulnerability VCID-pbwe-39av-sydg
42
vulnerability VCID-pd9w-6ke4-13hr
43
vulnerability VCID-pgfy-52ca-wbbf
44
vulnerability VCID-pt73-zjft-syhk
45
vulnerability VCID-qndd-2vmq-guen
46
vulnerability VCID-rgjf-p329-vbf8
47
vulnerability VCID-rkx3-e4r3-c3gh
48
vulnerability VCID-tgvt-rgwm-d7de
49
vulnerability VCID-tt5n-k5h8-xufp
50
vulnerability VCID-ty11-5ff4-s7av
51
vulnerability VCID-tzyh-y7uc-hff9
52
vulnerability VCID-v39f-kpce-2qhz
53
vulnerability VCID-vbae-fwnr-zff5
54
vulnerability VCID-vdtu-qtuw-v3fs
55
vulnerability VCID-w8rd-ssb2-pkgx
56
vulnerability VCID-wau6-kvqa-pbgu
57
vulnerability VCID-wqt4-uc3s-zbdn
58
vulnerability VCID-x48e-w1z4-57ab
59
vulnerability VCID-xfwe-ku14-gfe7
60
vulnerability VCID-yc8g-gqaj-8ycj
61
vulnerability VCID-yjan-urxm-g3a4
62
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.2
aliases CVE-2022-43689, GHSA-q48r-xg9h-78m8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-683x-bjfm-j3hh
8
url VCID-69vg-twmj-jfb2
vulnerability_id VCID-69vg-twmj-jfb2
summary Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28471
reference_id
reference_type
scores
0
value 0.01927
scoring_system epss
scoring_elements 0.83763
published_at 2026-06-11T12:55:00Z
1
value 0.01927
scoring_system epss
scoring_elements 0.83826
published_at 2026-06-14T12:55:00Z
2
value 0.01927
scoring_system epss
scoring_elements 0.83829
published_at 2026-06-13T12:55:00Z
3
value 0.01927
scoring_system epss
scoring_elements 0.8382
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28471
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28471
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28471
3
reference_url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_id 2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/
url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
4
reference_url https://concretecms.com
reference_id concretecms.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/
url https://concretecms.com
5
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
reference_id concrete-cms-security-advisory-2023-04-20
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
6
reference_url https://github.com/advisories/GHSA-9h33-5fxw-r2xv
reference_id GHSA-9h33-5fxw-r2xv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9h33-5fxw-r2xv
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28471, GHSA-9h33-5fxw-r2xv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69vg-twmj-jfb2
9
url VCID-71ae-y44g-kbbw
vulnerability_id VCID-71ae-y44g-kbbw
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43556
reference_id
reference_type
scores
0
value 0.01853
scoring_system epss
scoring_elements 0.83499
published_at 2026-06-13T12:55:00Z
1
value 0.01853
scoring_system epss
scoring_elements 0.83431
published_at 2026-06-11T12:55:00Z
2
value 0.01853
scoring_system epss
scoring_elements 0.83496
published_at 2026-06-14T12:55:00Z
3
value 0.01853
scoring_system epss
scoring_elements 0.8349
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43556
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
4
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43556
reference_id CVE-2022-43556
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43556
6
reference_url https://github.com/advisories/GHSA-xj33-8r43-r227
reference_id GHSA-xj33-8r43-r227
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj33-8r43-r227
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43556, GHSA-xj33-8r43-r227
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71ae-y44g-kbbw
10
url VCID-7mj3-9jvf-vudw
vulnerability_id VCID-7mj3-9jvf-vudw
summary Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.  The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0660
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43779
published_at 2026-06-11T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43942
published_at 2026-06-14T12:55:00Z
2
value 0.00212
scoring_system epss
scoring_elements 0.43954
published_at 2026-06-13T12:55:00Z
3
value 0.00212
scoring_system epss
scoring_elements 0.43934
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0660
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0660
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0660
3
reference_url https://github.com/concretecms/concretecms/pull/12454
reference_id 12454
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/
url https://github.com/concretecms/concretecms/pull/12454
4
reference_url https://github.com/concretecms/bedrock/pull/370
reference_id 370
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/
url https://github.com/concretecms/bedrock/pull/370
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes
reference_id 940-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes
6
reference_url https://github.com/advisories/GHSA-pvmx-mjmh-jfcx
reference_id GHSA-pvmx-mjmh-jfcx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvmx-mjmh-jfcx
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.0RC1
purl pkg:composer/concrete5/concrete5@9.4.0RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bd-m93f-aqf2
1
vulnerability VCID-dgf1-ded8-4uef
2
vulnerability VCID-dx1t-b982-5ucd
3
vulnerability VCID-g134-5qhy-mudn
4
vulnerability VCID-nahk-p3f1-8bee
5
vulnerability VCID-qndd-2vmq-guen
6
vulnerability VCID-rkx3-e4r3-c3gh
7
vulnerability VCID-v39f-kpce-2qhz
8
vulnerability VCID-vdtu-qtuw-v3fs
9
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1
1
url pkg:composer/concrete5/concrete5@9.4.0-RC1
purl pkg:composer/concrete5/concrete5@9.4.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC1
aliases CVE-2025-0660, GHSA-pvmx-mjmh-jfcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7mj3-9jvf-vudw
11
url VCID-7whk-wmkw-vuec
vulnerability_id VCID-7whk-wmkw-vuec
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44763
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.50709
published_at 2026-06-11T12:55:00Z
1
value 0.00269
scoring_system epss
scoring_elements 0.50842
published_at 2026-06-12T12:55:00Z
2
value 0.00269
scoring_system epss
scoring_elements 0.50858
published_at 2026-06-13T12:55:00Z
3
value 0.00269
scoring_system epss
scoring_elements 0.50846
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44763
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44763
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44763
4
reference_url https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types
5
reference_url https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763
6
reference_url https://github.com/advisories/GHSA-wrp2-6v6j-hfmg
reference_id GHSA-wrp2-6v6j-hfmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrp2-6v6j-hfmg
fixed_packages
aliases CVE-2023-44763, GHSA-wrp2-6v6j-hfmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7whk-wmkw-vuec
12
url VCID-8war-c3pp-kuf5
vulnerability_id VCID-8war-c3pp-kuf5
summary Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2179
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31147
published_at 2026-06-12T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31145
published_at 2026-06-14T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31161
published_at 2026-06-13T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.3095
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2179
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4
3
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes
reference_id 927-release-notes
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:22:19Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2179
reference_id CVE-2024-2179
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-2179
5
reference_url https://github.com/advisories/GHSA-4m7h-34xm-4wjv
reference_id GHSA-4m7h-34xm-4wjv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4m7h-34xm-4wjv
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.7
purl pkg:composer/concrete5/concrete5@9.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-3514-7uhf-pufd
2
vulnerability VCID-542x-fkyy-sfcp
3
vulnerability VCID-7mj3-9jvf-vudw
4
vulnerability VCID-9j62-yk3f-bfgk
5
vulnerability VCID-9z1s-b811-3ug2
6
vulnerability VCID-c2xh-rq7d-wqey
7
vulnerability VCID-d4bd-m93f-aqf2
8
vulnerability VCID-dgf1-ded8-4uef
9
vulnerability VCID-dx1t-b982-5ucd
10
vulnerability VCID-eyep-q35n-ebcv
11
vulnerability VCID-g134-5qhy-mudn
12
vulnerability VCID-hdw7-spv5-k3c6
13
vulnerability VCID-htqe-191f-1yab
14
vulnerability VCID-nahk-p3f1-8bee
15
vulnerability VCID-nuz6-12nr-2yga
16
vulnerability VCID-pgfy-52ca-wbbf
17
vulnerability VCID-qndd-2vmq-guen
18
vulnerability VCID-rgjf-p329-vbf8
19
vulnerability VCID-rkx3-e4r3-c3gh
20
vulnerability VCID-tt5n-k5h8-xufp
21
vulnerability VCID-v39f-kpce-2qhz
22
vulnerability VCID-vdtu-qtuw-v3fs
23
vulnerability VCID-wau6-kvqa-pbgu
24
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.7
aliases CVE-2024-2179, GHSA-4m7h-34xm-4wjv
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8war-c3pp-kuf5
13
url VCID-9j62-yk3f-bfgk
vulnerability_id VCID-9j62-yk3f-bfgk
summary Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3181
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28128
published_at 2026-06-12T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28142
published_at 2026-06-14T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28153
published_at 2026-06-13T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.2793
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3181
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
3
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id 8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id 928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3181
reference_id CVE-2024-3181
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3181
7
reference_url https://github.com/advisories/GHSA-qgm9-rxmq-jxmq
reference_id GHSA-qgm9-rxmq-jxmq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qgm9-rxmq-jxmq
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-hdw7-spv5-k3c6
7
vulnerability VCID-htqe-191f-1yab
8
vulnerability VCID-nahk-p3f1-8bee
9
vulnerability VCID-nuz6-12nr-2yga
10
vulnerability VCID-qndd-2vmq-guen
11
vulnerability VCID-rkx3-e4r3-c3gh
12
vulnerability VCID-tt5n-k5h8-xufp
13
vulnerability VCID-v39f-kpce-2qhz
14
vulnerability VCID-vdtu-qtuw-v3fs
15
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-9z1s-b811-3ug2
2
vulnerability VCID-c2xh-rq7d-wqey
3
vulnerability VCID-d4bd-m93f-aqf2
4
vulnerability VCID-dgf1-ded8-4uef
5
vulnerability VCID-dx1t-b982-5ucd
6
vulnerability VCID-eyep-q35n-ebcv
7
vulnerability VCID-g134-5qhy-mudn
8
vulnerability VCID-hdw7-spv5-k3c6
9
vulnerability VCID-htqe-191f-1yab
10
vulnerability VCID-nahk-p3f1-8bee
11
vulnerability VCID-nuz6-12nr-2yga
12
vulnerability VCID-pgfy-52ca-wbbf
13
vulnerability VCID-qndd-2vmq-guen
14
vulnerability VCID-rkx3-e4r3-c3gh
15
vulnerability VCID-tt5n-k5h8-xufp
16
vulnerability VCID-v39f-kpce-2qhz
17
vulnerability VCID-vdtu-qtuw-v3fs
18
vulnerability VCID-wau6-kvqa-pbgu
19
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3181, GHSA-qgm9-rxmq-jxmq
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j62-yk3f-bfgk
14
url VCID-9kyu-9sz6-1bea
vulnerability_id VCID-9kyu-9sz6-1bea
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43691
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43898
published_at 2026-06-12T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43909
published_at 2026-06-14T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43743
published_at 2026-06-11T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43918
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43691
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43691
reference_id CVE-2022-43691
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43691
8
reference_url https://github.com/advisories/GHSA-q3hq-hm5h-qrx3
reference_id GHSA-q3hq-hm5h-qrx3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3hq-hm5h-qrx3
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43691, GHSA-q3hq-hm5h-qrx3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kyu-9sz6-1bea
15
url VCID-acs4-8efj-jqa5
vulnerability_id VCID-acs4-8efj-jqa5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44765
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53584
published_at 2026-06-11T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.5371
published_at 2026-06-12T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53725
published_at 2026-06-13T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53712
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44765
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/11746
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11746
3
reference_url https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee
4
reference_url https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a
5
reference_url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44765
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44765
7
reference_url https://github.com/advisories/GHSA-6xx7-r8x4-fpjp
reference_id GHSA-6xx7-r8x4-fpjp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xx7-r8x4-fpjp
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.2
purl pkg:composer/concrete5/concrete5@9.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-chav-mybs-syd2
10
vulnerability VCID-d263-cpsv-fkeg
11
vulnerability VCID-d4bd-m93f-aqf2
12
vulnerability VCID-dgf1-ded8-4uef
13
vulnerability VCID-dx1t-b982-5ucd
14
vulnerability VCID-eyep-q35n-ebcv
15
vulnerability VCID-g134-5qhy-mudn
16
vulnerability VCID-hdw7-spv5-k3c6
17
vulnerability VCID-htqe-191f-1yab
18
vulnerability VCID-nahk-p3f1-8bee
19
vulnerability VCID-nuz6-12nr-2yga
20
vulnerability VCID-pd9w-6ke4-13hr
21
vulnerability VCID-pgfy-52ca-wbbf
22
vulnerability VCID-qndd-2vmq-guen
23
vulnerability VCID-rgjf-p329-vbf8
24
vulnerability VCID-rkx3-e4r3-c3gh
25
vulnerability VCID-tt5n-k5h8-xufp
26
vulnerability VCID-ty11-5ff4-s7av
27
vulnerability VCID-tzyh-y7uc-hff9
28
vulnerability VCID-v39f-kpce-2qhz
29
vulnerability VCID-vdtu-qtuw-v3fs
30
vulnerability VCID-w8rd-ssb2-pkgx
31
vulnerability VCID-wau6-kvqa-pbgu
32
vulnerability VCID-x48e-w1z4-57ab
33
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2
aliases CVE-2023-44765, GHSA-6xx7-r8x4-fpjp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acs4-8efj-jqa5
16
url VCID-afq8-b83x-ckfn
vulnerability_id VCID-afq8-b83x-ckfn
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44764
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.43982
published_at 2026-06-11T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.44136
published_at 2026-06-12T12:55:00Z
2
value 0.00214
scoring_system epss
scoring_elements 0.44154
published_at 2026-06-13T12:55:00Z
3
value 0.00214
scoring_system epss
scoring_elements 0.44143
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44764
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44764
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44764
4
reference_url https://github.com/advisories/GHSA-j6h5-ggv2-3rfv
reference_id GHSA-j6h5-ggv2-3rfv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6h5-ggv2-3rfv
fixed_packages
aliases CVE-2023-44764, GHSA-j6h5-ggv2-3rfv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afq8-b83x-ckfn
17
url VCID-bbxq-cdbp-vucg
vulnerability_id VCID-bbxq-cdbp-vucg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28477
reference_id
reference_type
scores
0
value 0.02044
scoring_system epss
scoring_elements 0.84219
published_at 2026-06-11T12:55:00Z
1
value 0.02044
scoring_system epss
scoring_elements 0.84274
published_at 2026-06-12T12:55:00Z
2
value 0.02044
scoring_system epss
scoring_elements 0.84282
published_at 2026-06-13T12:55:00Z
3
value 0.02044
scoring_system epss
scoring_elements 0.84277
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28477
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28477
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28477
4
reference_url https://github.com/advisories/GHSA-xfmj-r86m-j2hr
reference_id GHSA-xfmj-r86m-j2hr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfmj-r86m-j2hr
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28477, GHSA-xfmj-r86m-j2hr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbxq-cdbp-vucg
18
url VCID-c2xh-rq7d-wqey
vulnerability_id VCID-c2xh-rq7d-wqey
summary Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting. CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7398
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40884
published_at 2026-06-11T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.41061
published_at 2026-06-14T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.41072
published_at 2026-06-13T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.4105
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7398
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12183
reference_id 12183
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/
url https://github.com/concretecms/concretecms/pull/12183
3
reference_url https://github.com/concretecms/concretecms/pull/12184
reference_id 12184
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/
url https://github.com/concretecms/concretecms/pull/12184
4
reference_url https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5
reference_id 7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/
url https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes
reference_id 8519-release-notes
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes
6
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes
reference_id 934-release-notes
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7398
reference_id CVE-2024-7398
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7398
8
reference_url https://github.com/advisories/GHSA-x8h2-255q-jg4x
reference_id GHSA-x8h2-255q-jg4x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8h2-255q-jg4x
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.19
purl pkg:composer/concrete5/concrete5@8.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-d4bd-m93f-aqf2
2
vulnerability VCID-dgf1-ded8-4uef
3
vulnerability VCID-dx1t-b982-5ucd
4
vulnerability VCID-g134-5qhy-mudn
5
vulnerability VCID-nahk-p3f1-8bee
6
vulnerability VCID-qndd-2vmq-guen
7
vulnerability VCID-rkx3-e4r3-c3gh
8
vulnerability VCID-tt5n-k5h8-xufp
9
vulnerability VCID-v39f-kpce-2qhz
10
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19
1
url pkg:composer/concrete5/concrete5@9.3.4
purl pkg:composer/concrete5/concrete5@9.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-d4bd-m93f-aqf2
2
vulnerability VCID-dgf1-ded8-4uef
3
vulnerability VCID-dx1t-b982-5ucd
4
vulnerability VCID-g134-5qhy-mudn
5
vulnerability VCID-nahk-p3f1-8bee
6
vulnerability VCID-qndd-2vmq-guen
7
vulnerability VCID-rkx3-e4r3-c3gh
8
vulnerability VCID-tt5n-k5h8-xufp
9
vulnerability VCID-v39f-kpce-2qhz
10
vulnerability VCID-vdtu-qtuw-v3fs
11
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4
aliases CVE-2024-7398, GHSA-x8h2-255q-jg4x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2xh-rq7d-wqey
19
url VCID-cyhv-k8b7-u3dc
vulnerability_id VCID-cyhv-k8b7-u3dc
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28472
reference_id
reference_type
scores
0
value 0.00459
scoring_system epss
scoring_elements 0.64452
published_at 2026-06-11T12:55:00Z
1
value 0.00459
scoring_system epss
scoring_elements 0.64554
published_at 2026-06-12T12:55:00Z
2
value 0.00459
scoring_system epss
scoring_elements 0.64566
published_at 2026-06-13T12:55:00Z
3
value 0.00459
scoring_system epss
scoring_elements 0.64562
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28472
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/11749
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11749
3
reference_url https://github.com/concretecms/concretecms/releases/tag/8.5.13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/releases/tag/8.5.13
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28472
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28472
5
reference_url https://github.com/advisories/GHSA-f55r-8rcv-mqcf
reference_id GHSA-f55r-8rcv-mqcf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f55r-8rcv-mqcf
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28472, GHSA-f55r-8rcv-mqcf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyhv-k8b7-u3dc
20
url VCID-d263-cpsv-fkeg
vulnerability_id VCID-d263-cpsv-fkeg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48652
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.5668
published_at 2026-06-11T12:55:00Z
1
value 0.00335
scoring_system epss
scoring_elements 0.56801
published_at 2026-06-12T12:55:00Z
2
value 0.00335
scoring_system epss
scoring_elements 0.56816
published_at 2026-06-13T12:55:00Z
3
value 0.00335
scoring_system epss
scoring_elements 0.56805
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48652
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48652
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48652
3
reference_url https://github.com/advisories/GHSA-qp42-5pj7-4ccm
reference_id GHSA-qp42-5pj7-4ccm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp42-5pj7-4ccm
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.3
purl pkg:composer/concrete5/concrete5@9.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-d4bd-m93f-aqf2
10
vulnerability VCID-dgf1-ded8-4uef
11
vulnerability VCID-dx1t-b982-5ucd
12
vulnerability VCID-eyep-q35n-ebcv
13
vulnerability VCID-g134-5qhy-mudn
14
vulnerability VCID-hdw7-spv5-k3c6
15
vulnerability VCID-htqe-191f-1yab
16
vulnerability VCID-nahk-p3f1-8bee
17
vulnerability VCID-nuz6-12nr-2yga
18
vulnerability VCID-pd9w-6ke4-13hr
19
vulnerability VCID-pgfy-52ca-wbbf
20
vulnerability VCID-qndd-2vmq-guen
21
vulnerability VCID-rgjf-p329-vbf8
22
vulnerability VCID-rkx3-e4r3-c3gh
23
vulnerability VCID-tt5n-k5h8-xufp
24
vulnerability VCID-v39f-kpce-2qhz
25
vulnerability VCID-vdtu-qtuw-v3fs
26
vulnerability VCID-w8rd-ssb2-pkgx
27
vulnerability VCID-wau6-kvqa-pbgu
28
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3
aliases CVE-2023-48652, GHSA-qp42-5pj7-4ccm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d263-cpsv-fkeg
21
url VCID-d4bd-m93f-aqf2
vulnerability_id VCID-d4bd-m93f-aqf2
summary In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block.  The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N.  Thanks M3dium for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3242
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01394
published_at 2026-06-14T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0139
published_at 2026-06-13T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01381
published_at 2026-06-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01379
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3242
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12826
reference_id 12826
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/
url https://github.com/concretecms/concretecms/pull/12826
3
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
reference_id 948-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3242
reference_id CVE-2026-3242
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3242
5
reference_url https://github.com/advisories/GHSA-w9qg-chfh-g3q9
reference_id GHSA-w9qg-chfh-g3q9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9qg-chfh-g3q9
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-3242, GHSA-w9qg-chfh-g3q9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4bd-m93f-aqf2
22
url VCID-dgf1-ded8-4uef
vulnerability_id VCID-dgf1-ded8-4uef
summary 
Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.  Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. 
The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1  with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3153
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56494
published_at 2026-06-11T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56617
published_at 2026-06-14T12:55:00Z
2
value 0.00333
scoring_system epss
scoring_elements 0.56613
published_at 2026-06-12T12:55:00Z
3
value 0.00333
scoring_system epss
scoring_elements 0.56627
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3153
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3153
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3153
3
reference_url https://github.com/concretecms/concretecms/pull/12511
reference_id 12511
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/
url https://github.com/concretecms/concretecms/pull/12511
4
reference_url https://github.com/concretecms/concretecms/pull/12512
reference_id 12512
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/
url https://github.com/concretecms/concretecms/pull/12512
5
reference_url https://github.com/concretecms/concretecms/releases/tag/8.5.20
reference_id 8.5.20
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/
url https://github.com/concretecms/concretecms/releases/tag/8.5.20
6
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes
reference_id 940-release-notes
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes
7
reference_url https://github.com/advisories/GHSA-cmm4-p9v2-q453
reference_id GHSA-cmm4-p9v2-q453
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmm4-p9v2-q453
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.20
purl pkg:composer/concrete5/concrete5@8.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bd-m93f-aqf2
1
vulnerability VCID-dx1t-b982-5ucd
2
vulnerability VCID-g134-5qhy-mudn
3
vulnerability VCID-nahk-p3f1-8bee
4
vulnerability VCID-qndd-2vmq-guen
5
vulnerability VCID-rkx3-e4r3-c3gh
6
vulnerability VCID-v39f-kpce-2qhz
7
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.20
1
url pkg:composer/concrete5/concrete5@9.4.0RC2
purl pkg:composer/concrete5/concrete5@9.4.0RC2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bd-m93f-aqf2
1
vulnerability VCID-dx1t-b982-5ucd
2
vulnerability VCID-g134-5qhy-mudn
3
vulnerability VCID-nahk-p3f1-8bee
4
vulnerability VCID-qndd-2vmq-guen
5
vulnerability VCID-rkx3-e4r3-c3gh
6
vulnerability VCID-v39f-kpce-2qhz
7
vulnerability VCID-vdtu-qtuw-v3fs
8
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC2
2
url pkg:composer/concrete5/concrete5@9.4.0-RC2
purl pkg:composer/concrete5/concrete5@9.4.0-RC2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC2
aliases CVE-2025-3153, GHSA-cmm4-p9v2-q453
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgf1-ded8-4uef
23
url VCID-dx1t-b982-5ucd
vulnerability_id VCID-dx1t-b982-5ucd
summary Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/  for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8571
reference_id
reference_type
scores
0
value 0.0026
scoring_system epss
scoring_elements 0.49646
published_at 2026-06-11T12:55:00Z
1
value 0.0026
scoring_system epss
scoring_elements 0.49788
published_at 2026-06-14T12:55:00Z
2
value 0.0026
scoring_system epss
scoring_elements 0.49801
published_at 2026-06-13T12:55:00Z
3
value 0.0026
scoring_system epss
scoring_elements 0.49782
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8571
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92
3
reference_url https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8571
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8571
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes
reference_id 8521-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes
6
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes
reference_id 943-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes
7
reference_url https://www.concretecms.org/download
reference_id download
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/
url https://www.concretecms.org/download
8
reference_url https://github.com/advisories/GHSA-4pcg-pjp5-3mc6
reference_id GHSA-4pcg-pjp5-3mc6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pcg-pjp5-3mc6
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.21
purl pkg:composer/concrete5/concrete5@8.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bd-m93f-aqf2
1
vulnerability VCID-g134-5qhy-mudn
2
vulnerability VCID-nahk-p3f1-8bee
3
vulnerability VCID-qndd-2vmq-guen
4
vulnerability VCID-rkx3-e4r3-c3gh
5
vulnerability VCID-v39f-kpce-2qhz
6
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.21
1
url pkg:composer/concrete5/concrete5@9.4.3
purl pkg:composer/concrete5/concrete5@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bd-m93f-aqf2
1
vulnerability VCID-g134-5qhy-mudn
2
vulnerability VCID-nahk-p3f1-8bee
3
vulnerability VCID-qndd-2vmq-guen
4
vulnerability VCID-rkx3-e4r3-c3gh
5
vulnerability VCID-v39f-kpce-2qhz
6
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3
aliases CVE-2025-8571, GHSA-4pcg-pjp5-3mc6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1t-b982-5ucd
24
url VCID-e9xf-aufp-7ffa
vulnerability_id VCID-e9xf-aufp-7ffa
summary Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28821
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51216
published_at 2026-06-11T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.5136
published_at 2026-06-13T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.51347
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28821
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28821
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28821
2
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
reference_id concrete-cms-security-advisory-2023-04-20
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
3
reference_url https://github.com/advisories/GHSA-ph6g-6v8w-8p6m
reference_id GHSA-ph6g-6v8w-8p6m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph6g-6v8w-8p6m
4
reference_url https://github.com/concretecms/concretecms/releases
reference_id releases
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/
url https://github.com/concretecms/concretecms/releases
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.1.0
purl pkg:composer/concrete5/concrete5@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-4h16-ay16-qkcs
5
vulnerability VCID-542x-fkyy-sfcp
6
vulnerability VCID-56qq-9y15-nkb7
7
vulnerability VCID-683x-bjfm-j3hh
8
vulnerability VCID-69vg-twmj-jfb2
9
vulnerability VCID-71ae-y44g-kbbw
10
vulnerability VCID-7mj3-9jvf-vudw
11
vulnerability VCID-7whk-wmkw-vuec
12
vulnerability VCID-8war-c3pp-kuf5
13
vulnerability VCID-9j62-yk3f-bfgk
14
vulnerability VCID-9kyu-9sz6-1bea
15
vulnerability VCID-9z1s-b811-3ug2
16
vulnerability VCID-acs4-8efj-jqa5
17
vulnerability VCID-afq8-b83x-ckfn
18
vulnerability VCID-bbxq-cdbp-vucg
19
vulnerability VCID-c2xh-rq7d-wqey
20
vulnerability VCID-chav-mybs-syd2
21
vulnerability VCID-cyhv-k8b7-u3dc
22
vulnerability VCID-d263-cpsv-fkeg
23
vulnerability VCID-d4bd-m93f-aqf2
24
vulnerability VCID-dgf1-ded8-4uef
25
vulnerability VCID-dx1t-b982-5ucd
26
vulnerability VCID-eyep-q35n-ebcv
27
vulnerability VCID-fvdb-zeth-8qh7
28
vulnerability VCID-g134-5qhy-mudn
29
vulnerability VCID-g3pw-h46n-fyac
30
vulnerability VCID-gg3x-yz6u-nygp
31
vulnerability VCID-h56x-jv8r-a3aq
32
vulnerability VCID-h67e-b4s5-guac
33
vulnerability VCID-hdw7-spv5-k3c6
34
vulnerability VCID-he4r-v9gv-tkdh
35
vulnerability VCID-htqe-191f-1yab
36
vulnerability VCID-j9t7-y29v-6bb7
37
vulnerability VCID-m9p2-uh8x-zuh8
38
vulnerability VCID-mjce-crza-h7d4
39
vulnerability VCID-n6yd-31cx-zqh2
40
vulnerability VCID-nahk-p3f1-8bee
41
vulnerability VCID-nuz6-12nr-2yga
42
vulnerability VCID-pbwe-39av-sydg
43
vulnerability VCID-pd9w-6ke4-13hr
44
vulnerability VCID-pgfy-52ca-wbbf
45
vulnerability VCID-pt73-zjft-syhk
46
vulnerability VCID-qndd-2vmq-guen
47
vulnerability VCID-rgjf-p329-vbf8
48
vulnerability VCID-rkx3-e4r3-c3gh
49
vulnerability VCID-tgvt-rgwm-d7de
50
vulnerability VCID-tt5n-k5h8-xufp
51
vulnerability VCID-ty11-5ff4-s7av
52
vulnerability VCID-tzyh-y7uc-hff9
53
vulnerability VCID-v39f-kpce-2qhz
54
vulnerability VCID-vbae-fwnr-zff5
55
vulnerability VCID-vdtu-qtuw-v3fs
56
vulnerability VCID-w8rd-ssb2-pkgx
57
vulnerability VCID-wau6-kvqa-pbgu
58
vulnerability VCID-wqt4-uc3s-zbdn
59
vulnerability VCID-x48e-w1z4-57ab
60
vulnerability VCID-xfwe-ku14-gfe7
61
vulnerability VCID-yc8g-gqaj-8ycj
62
vulnerability VCID-yjan-urxm-g3a4
63
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0
aliases CVE-2023-28821, GHSA-ph6g-6v8w-8p6m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9xf-aufp-7ffa
25
url VCID-fvdb-zeth-8qh7
vulnerability_id VCID-fvdb-zeth-8qh7
summary Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48648
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.73114
published_at 2026-06-11T12:55:00Z
1
value 0.00729
scoring_system epss
scoring_elements 0.73205
published_at 2026-06-14T12:55:00Z
2
value 0.00729
scoring_system epss
scoring_elements 0.73191
published_at 2026-06-12T12:55:00Z
3
value 0.00729
scoring_system epss
scoring_elements 0.73207
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48648
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307
3
reference_url https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279
4
reference_url https://github.com/concretecms/concretecms/pull/11677
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11677
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48648
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48648
6
reference_url https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
reference_id 2023-11-09-security-blog-about-updated-cves-and-new-release
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/
url https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
7
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes
reference_id 8513-release-notes
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes
8
reference_url https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes
reference_id 922-release-notes
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/
url https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes
9
reference_url https://github.com/advisories/GHSA-m87h-jxr6-f82w
reference_id GHSA-m87h-jxr6-f82w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m87h-jxr6-f82w
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.13
purl pkg:composer/concrete5/concrete5@8.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-3514-7uhf-pufd
2
vulnerability VCID-542x-fkyy-sfcp
3
vulnerability VCID-7mj3-9jvf-vudw
4
vulnerability VCID-8war-c3pp-kuf5
5
vulnerability VCID-9j62-yk3f-bfgk
6
vulnerability VCID-c2xh-rq7d-wqey
7
vulnerability VCID-d263-cpsv-fkeg
8
vulnerability VCID-d4bd-m93f-aqf2
9
vulnerability VCID-dgf1-ded8-4uef
10
vulnerability VCID-dx1t-b982-5ucd
11
vulnerability VCID-g134-5qhy-mudn
12
vulnerability VCID-hdw7-spv5-k3c6
13
vulnerability VCID-htqe-191f-1yab
14
vulnerability VCID-nahk-p3f1-8bee
15
vulnerability VCID-nuz6-12nr-2yga
16
vulnerability VCID-qndd-2vmq-guen
17
vulnerability VCID-rgjf-p329-vbf8
18
vulnerability VCID-rkx3-e4r3-c3gh
19
vulnerability VCID-tt5n-k5h8-xufp
20
vulnerability VCID-ty11-5ff4-s7av
21
vulnerability VCID-tzyh-y7uc-hff9
22
vulnerability VCID-v39f-kpce-2qhz
23
vulnerability VCID-vdtu-qtuw-v3fs
24
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.13
1
url pkg:composer/concrete5/concrete5@9.2.2
purl pkg:composer/concrete5/concrete5@9.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-chav-mybs-syd2
10
vulnerability VCID-d263-cpsv-fkeg
11
vulnerability VCID-d4bd-m93f-aqf2
12
vulnerability VCID-dgf1-ded8-4uef
13
vulnerability VCID-dx1t-b982-5ucd
14
vulnerability VCID-eyep-q35n-ebcv
15
vulnerability VCID-g134-5qhy-mudn
16
vulnerability VCID-hdw7-spv5-k3c6
17
vulnerability VCID-htqe-191f-1yab
18
vulnerability VCID-nahk-p3f1-8bee
19
vulnerability VCID-nuz6-12nr-2yga
20
vulnerability VCID-pd9w-6ke4-13hr
21
vulnerability VCID-pgfy-52ca-wbbf
22
vulnerability VCID-qndd-2vmq-guen
23
vulnerability VCID-rgjf-p329-vbf8
24
vulnerability VCID-rkx3-e4r3-c3gh
25
vulnerability VCID-tt5n-k5h8-xufp
26
vulnerability VCID-ty11-5ff4-s7av
27
vulnerability VCID-tzyh-y7uc-hff9
28
vulnerability VCID-v39f-kpce-2qhz
29
vulnerability VCID-vdtu-qtuw-v3fs
30
vulnerability VCID-w8rd-ssb2-pkgx
31
vulnerability VCID-wau6-kvqa-pbgu
32
vulnerability VCID-x48e-w1z4-57ab
33
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2
aliases CVE-2023-48648, GHSA-m87h-jxr6-f82w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvdb-zeth-8qh7
26
url VCID-g134-5qhy-mudn
vulnerability_id VCID-g134-5qhy-mudn
summary ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads the entire content of every selected file into PHP memory. An authenticated attacker can exploit this by requesting a bulk download of large files, triggering an Out-Of-Memory (OOM) condition that causes the PHP-FPM process to terminate (SIGSEGV) and the web server to return a 500 error.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30662
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.1891
published_at 2026-06-14T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18751
published_at 2026-06-11T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18934
published_at 2026-06-13T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18916
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30662
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30662
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30662
3
reference_url https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS
4
reference_url https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/
reference_id CVE-Report-ConcreteCMS-DoS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:49:15Z/
url https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/
5
reference_url https://github.com/advisories/GHSA-p68c-rmfh-j48h
reference_id GHSA-p68c-rmfh-j48h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p68c-rmfh-j48h
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-30662, GHSA-p68c-rmfh-j48h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g134-5qhy-mudn
27
url VCID-g3pw-h46n-fyac
vulnerability_id VCID-g3pw-h46n-fyac
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43967
reference_id
reference_type
scores
0
value 0.00656
scoring_system epss
scoring_elements 0.71578
published_at 2026-06-12T12:55:00Z
1
value 0.00656
scoring_system epss
scoring_elements 0.71589
published_at 2026-06-14T12:55:00Z
2
value 0.00656
scoring_system epss
scoring_elements 0.71492
published_at 2026-06-11T12:55:00Z
3
value 0.00656
scoring_system epss
scoring_elements 0.71591
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43967
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43967
reference_id CVE-2022-43967
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43967
8
reference_url https://github.com/advisories/GHSA-vq39-q549-g786
reference_id GHSA-vq39-q549-g786
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vq39-q549-g786
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43967, GHSA-vq39-q549-g786
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pw-h46n-fyac
28
url VCID-gg3x-yz6u-nygp
vulnerability_id VCID-gg3x-yz6u-nygp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44761
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53584
published_at 2026-06-11T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.5371
published_at 2026-06-12T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53725
published_at 2026-06-13T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53712
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44761
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44761
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44761
4
reference_url https://github.com/advisories/GHSA-p4jj-gwpg-9jwh
reference_id GHSA-p4jj-gwpg-9jwh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4jj-gwpg-9jwh
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.2
purl pkg:composer/concrete5/concrete5@9.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-chav-mybs-syd2
10
vulnerability VCID-d263-cpsv-fkeg
11
vulnerability VCID-d4bd-m93f-aqf2
12
vulnerability VCID-dgf1-ded8-4uef
13
vulnerability VCID-dx1t-b982-5ucd
14
vulnerability VCID-eyep-q35n-ebcv
15
vulnerability VCID-g134-5qhy-mudn
16
vulnerability VCID-hdw7-spv5-k3c6
17
vulnerability VCID-htqe-191f-1yab
18
vulnerability VCID-nahk-p3f1-8bee
19
vulnerability VCID-nuz6-12nr-2yga
20
vulnerability VCID-pd9w-6ke4-13hr
21
vulnerability VCID-pgfy-52ca-wbbf
22
vulnerability VCID-qndd-2vmq-guen
23
vulnerability VCID-rgjf-p329-vbf8
24
vulnerability VCID-rkx3-e4r3-c3gh
25
vulnerability VCID-tt5n-k5h8-xufp
26
vulnerability VCID-ty11-5ff4-s7av
27
vulnerability VCID-tzyh-y7uc-hff9
28
vulnerability VCID-v39f-kpce-2qhz
29
vulnerability VCID-vdtu-qtuw-v3fs
30
vulnerability VCID-w8rd-ssb2-pkgx
31
vulnerability VCID-wau6-kvqa-pbgu
32
vulnerability VCID-x48e-w1z4-57ab
33
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2
aliases CVE-2023-44761, GHSA-p4jj-gwpg-9jwh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gg3x-yz6u-nygp
29
url VCID-h56x-jv8r-a3aq
vulnerability_id VCID-h56x-jv8r-a3aq
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43687
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54553
published_at 2026-06-11T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54679
published_at 2026-06-14T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54695
published_at 2026-06-13T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54678
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43687
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43687
reference_id CVE-2022-43687
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43687
8
reference_url https://github.com/advisories/GHSA-m53v-5x5x-5m2p
reference_id GHSA-m53v-5x5x-5m2p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m53v-5x5x-5m2p
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43687, GHSA-m53v-5x5x-5m2p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h56x-jv8r-a3aq
30
url VCID-h67e-b4s5-guac
vulnerability_id VCID-h67e-b4s5-guac
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43690
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.57046
published_at 2026-06-14T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.57054
published_at 2026-06-13T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.5704
published_at 2026-06-12T12:55:00Z
3
value 0.00337
scoring_system epss
scoring_elements 0.56919
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43690
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c
3
reference_url https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55
4
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
6
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
7
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
8
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43690
reference_id CVE-2022-43690
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43690
10
reference_url https://github.com/advisories/GHSA-q56r-mw39-944g
reference_id GHSA-q56r-mw39-944g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q56r-mw39-944g
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43690, GHSA-q56r-mw39-944g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h67e-b4s5-guac
31
url VCID-hdw7-spv5-k3c6
vulnerability_id VCID-hdw7-spv5-k3c6
summary Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, m3dium for reporting. (CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7394
reference_id
reference_type
scores
0
value 0.03921
scoring_system epss
scoring_elements 0.88575
published_at 2026-06-11T12:55:00Z
1
value 0.03921
scoring_system epss
scoring_elements 0.88619
published_at 2026-06-14T12:55:00Z
2
value 0.03921
scoring_system epss
scoring_elements 0.88621
published_at 2026-06-13T12:55:00Z
3
value 0.03921
scoring_system epss
scoring_elements 0.88614
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7394
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734
3
reference_url https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a
4
reference_url https://github.com/concretecms/concretecms/pull/12166
reference_id 12166
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/
url https://github.com/concretecms/concretecms/pull/12166
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041
reference_id 8518-release-notes?pk_vid=e367a434ef4830491723055758d52041
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041
6
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041
reference_id 933-release-notes?pk_vid=e367a434ef4830491723055753d52041
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041
7
reference_url https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06
reference_id c08d9671cec4e7afdabb547339c4bc0bed8eab06
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/
url https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7394
reference_id CVE-2024-7394
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7394
9
reference_url https://github.com/advisories/GHSA-w6j6-w6jx-vf2r
reference_id GHSA-w6j6-w6jx-vf2r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6j6-w6jx-vf2r
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.18
purl pkg:composer/concrete5/concrete5@8.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-htqe-191f-1yab
7
vulnerability VCID-nahk-p3f1-8bee
8
vulnerability VCID-nuz6-12nr-2yga
9
vulnerability VCID-qndd-2vmq-guen
10
vulnerability VCID-rkx3-e4r3-c3gh
11
vulnerability VCID-tt5n-k5h8-xufp
12
vulnerability VCID-v39f-kpce-2qhz
13
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.18
1
url pkg:composer/concrete5/concrete5@9.3.3
purl pkg:composer/concrete5/concrete5@9.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-htqe-191f-1yab
7
vulnerability VCID-nahk-p3f1-8bee
8
vulnerability VCID-nuz6-12nr-2yga
9
vulnerability VCID-qndd-2vmq-guen
10
vulnerability VCID-rkx3-e4r3-c3gh
11
vulnerability VCID-tt5n-k5h8-xufp
12
vulnerability VCID-v39f-kpce-2qhz
13
vulnerability VCID-vdtu-qtuw-v3fs
14
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3
aliases CVE-2024-7394, GHSA-w6j6-w6jx-vf2r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdw7-spv5-k3c6
32
url VCID-he4r-v9gv-tkdh
vulnerability_id VCID-he4r-v9gv-tkdh
summary Concrete CMS vulnerable to Cross-site Scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43688
reference_id
reference_type
scores
0
value 0.0037
scoring_system epss
scoring_elements 0.59355
published_at 2026-06-14T12:55:00Z
1
value 0.0037
scoring_system epss
scoring_elements 0.59352
published_at 2026-06-12T12:55:00Z
2
value 0.0037
scoring_system epss
scoring_elements 0.5924
published_at 2026-06-11T12:55:00Z
3
value 0.0037
scoring_system epss
scoring_elements 0.59364
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43688
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7
3
reference_url https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e
4
reference_url https://github.com/concretecms/concretecms/pull/10999
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/10999
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43688
reference_id CVE-2022-43688
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43688
6
reference_url https://github.com/advisories/GHSA-9jc5-9wh5-mc36
reference_id GHSA-9jc5-9wh5-mc36
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jc5-9wh5-mc36
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43688, GHSA-9jc5-9wh5-mc36
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he4r-v9gv-tkdh
33
url VCID-htqe-191f-1yab
vulnerability_id VCID-htqe-191f-1yab
summary Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks,  Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8291
reference_id
reference_type
scores
0
value 0.00339
scoring_system epss
scoring_elements 0.57049
published_at 2026-06-11T12:55:00Z
1
value 0.00339
scoring_system epss
scoring_elements 0.57175
published_at 2026-06-14T12:55:00Z
2
value 0.00339
scoring_system epss
scoring_elements 0.57168
published_at 2026-06-12T12:55:00Z
3
value 0.00339
scoring_system epss
scoring_elements 0.57182
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8291
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c
3
reference_url https://github.com/concretecms/concretecms/pull/12183
reference_id 12183
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/
url https://github.com/concretecms/concretecms/pull/12183
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes
reference_id 8519-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes
reference_id 934-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8291
reference_id CVE-2024-8291
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8291
7
reference_url https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065
reference_id dbce253166f6b10ff3e0c09e50fd395370b8b065
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/
url https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065
8
reference_url https://github.com/advisories/GHSA-q7qr-22qw-pqgx
reference_id GHSA-q7qr-22qw-pqgx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7qr-22qw-pqgx
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.19
purl pkg:composer/concrete5/concrete5@8.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-d4bd-m93f-aqf2
2
vulnerability VCID-dgf1-ded8-4uef
3
vulnerability VCID-dx1t-b982-5ucd
4
vulnerability VCID-g134-5qhy-mudn
5
vulnerability VCID-nahk-p3f1-8bee
6
vulnerability VCID-qndd-2vmq-guen
7
vulnerability VCID-rkx3-e4r3-c3gh
8
vulnerability VCID-tt5n-k5h8-xufp
9
vulnerability VCID-v39f-kpce-2qhz
10
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19
1
url pkg:composer/concrete5/concrete5@9.3.4
purl pkg:composer/concrete5/concrete5@9.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-d4bd-m93f-aqf2
2
vulnerability VCID-dgf1-ded8-4uef
3
vulnerability VCID-dx1t-b982-5ucd
4
vulnerability VCID-g134-5qhy-mudn
5
vulnerability VCID-nahk-p3f1-8bee
6
vulnerability VCID-qndd-2vmq-guen
7
vulnerability VCID-rkx3-e4r3-c3gh
8
vulnerability VCID-tt5n-k5h8-xufp
9
vulnerability VCID-v39f-kpce-2qhz
10
vulnerability VCID-vdtu-qtuw-v3fs
11
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4
aliases CVE-2024-8291, GHSA-q7qr-22qw-pqgx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htqe-191f-1yab
34
url VCID-j9t7-y29v-6bb7
vulnerability_id VCID-j9t7-y29v-6bb7
summary Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
references
0
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
1
reference_url https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46464
reference_id CVE-2022-46464
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46464
3
reference_url https://github.com/advisories/GHSA-7vx2-5349-qj99
reference_id GHSA-7vx2-5349-qj99
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vx2-5349-qj99
fixed_packages
aliases CVE-2022-46464, GHSA-7vx2-5349-qj99
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9t7-y29v-6bb7
35
url VCID-m9p2-uh8x-zuh8
vulnerability_id VCID-m9p2-uh8x-zuh8
summary Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28474
reference_id
reference_type
scores
0
value 0.01927
scoring_system epss
scoring_elements 0.83763
published_at 2026-06-11T12:55:00Z
1
value 0.01927
scoring_system epss
scoring_elements 0.83826
published_at 2026-06-14T12:55:00Z
2
value 0.01927
scoring_system epss
scoring_elements 0.83829
published_at 2026-06-13T12:55:00Z
3
value 0.01927
scoring_system epss
scoring_elements 0.8382
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28474
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28474
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28474
3
reference_url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_id 2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/
url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
4
reference_url https://concretecms.com
reference_id concretecms.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/
url https://concretecms.com
5
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
reference_id concrete-cms-security-advisory-2023-04-20
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
6
reference_url https://github.com/advisories/GHSA-2j26-j953-2rph
reference_id GHSA-2j26-j953-2rph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j26-j953-2rph
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28474, GHSA-2j26-j953-2rph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9p2-uh8x-zuh8
36
url VCID-mjce-crza-h7d4
vulnerability_id VCID-mjce-crza-h7d4
summary Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43693
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.629
published_at 2026-06-11T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.63009
published_at 2026-06-14T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.63014
published_at 2026-06-13T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.63002
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43693
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43693
reference_id CVE-2022-43693
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43693
8
reference_url https://github.com/advisories/GHSA-w8fp-3gwq-gxpw
reference_id GHSA-w8fp-3gwq-gxpw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8fp-3gwq-gxpw
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43693, GHSA-w8fp-3gwq-gxpw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mjce-crza-h7d4
37
url VCID-n6yd-31cx-zqh2
vulnerability_id VCID-n6yd-31cx-zqh2
summary A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44762
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44812
published_at 2026-06-13T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44645
published_at 2026-06-11T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44796
published_at 2026-06-12T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.448
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44762
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44762
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44762
3
reference_url https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags
reference_id ConcreteCMS-Reflected-XSS---Tags
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T16:28:16Z/
url https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags
4
reference_url https://github.com/advisories/GHSA-6fm3-r6mf-j875
reference_id GHSA-6fm3-r6mf-j875
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6fm3-r6mf-j875
fixed_packages
aliases CVE-2023-44762, GHSA-6fm3-r6mf-j875
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6yd-31cx-zqh2
38
url VCID-nahk-p3f1-8bee
vulnerability_id VCID-nahk-p3f1-8bee
summary In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question (Checkbox List, Radio Buttons, or Select Box). This payload is then executed in the browser of any user who views the page containing the form. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3241
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01237
published_at 2026-06-14T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01233
published_at 2026-06-13T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01227
published_at 2026-06-12T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.0123
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3241
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12826
reference_id 12826
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/
url https://github.com/concretecms/concretecms/pull/12826
3
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
reference_id 948-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3241
reference_id CVE-2026-3241
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3241
5
reference_url https://github.com/advisories/GHSA-f4vq-pj32-gr4q
reference_id GHSA-f4vq-pj32-gr4q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4vq-pj32-gr4q
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-3241, GHSA-f4vq-pj32-gr4q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nahk-p3f1-8bee
39
url VCID-nuz6-12nr-2yga
vulnerability_id VCID-nuz6-12nr-2yga
summary Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N  Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8661
reference_id
reference_type
scores
0
value 0.00539
scoring_system epss
scoring_elements 0.68027
published_at 2026-06-11T12:55:00Z
1
value 0.00539
scoring_system epss
scoring_elements 0.68124
published_at 2026-06-14T12:55:00Z
2
value 0.00539
scoring_system epss
scoring_elements 0.68128
published_at 2026-06-13T12:55:00Z
3
value 0.00539
scoring_system epss
scoring_elements 0.68115
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8661
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25
3
reference_url https://github.com/concretecms/concretecms/pull/12204
reference_id 12204
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/
url https://github.com/concretecms/concretecms/pull/12204
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes
reference_id 8519-release-notes
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes
reference_id 934-release-notes
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes
6
reference_url https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4
reference_id ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/
url https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8661
reference_id CVE-2024-8661
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8661
8
reference_url https://github.com/advisories/GHSA-xmxj-v2q8-8qx6
reference_id GHSA-xmxj-v2q8-8qx6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmxj-v2q8-8qx6
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.19
purl pkg:composer/concrete5/concrete5@8.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-d4bd-m93f-aqf2
2
vulnerability VCID-dgf1-ded8-4uef
3
vulnerability VCID-dx1t-b982-5ucd
4
vulnerability VCID-g134-5qhy-mudn
5
vulnerability VCID-nahk-p3f1-8bee
6
vulnerability VCID-qndd-2vmq-guen
7
vulnerability VCID-rkx3-e4r3-c3gh
8
vulnerability VCID-tt5n-k5h8-xufp
9
vulnerability VCID-v39f-kpce-2qhz
10
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19
1
url pkg:composer/concrete5/concrete5@9.3.4
purl pkg:composer/concrete5/concrete5@9.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-d4bd-m93f-aqf2
2
vulnerability VCID-dgf1-ded8-4uef
3
vulnerability VCID-dx1t-b982-5ucd
4
vulnerability VCID-g134-5qhy-mudn
5
vulnerability VCID-nahk-p3f1-8bee
6
vulnerability VCID-qndd-2vmq-guen
7
vulnerability VCID-rkx3-e4r3-c3gh
8
vulnerability VCID-tt5n-k5h8-xufp
9
vulnerability VCID-v39f-kpce-2qhz
10
vulnerability VCID-vdtu-qtuw-v3fs
11
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4
aliases CVE-2024-8661, GHSA-xmxj-v2q8-8qx6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuz6-12nr-2yga
40
url VCID-pbqg-vpwf-rkfr
vulnerability_id VCID-pbqg-vpwf-rkfr
summary Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28820
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.65282
published_at 2026-06-12T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.65291
published_at 2026-06-14T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.65293
published_at 2026-06-13T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.65181
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28820
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28820
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28820
3
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
reference_id concrete-cms-security-advisory-2023-04-20
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
4
reference_url https://github.com/advisories/GHSA-fgxj-g7x3-85cq
reference_id GHSA-fgxj-g7x3-85cq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fgxj-g7x3-85cq
5
reference_url https://github.com/concretecms/concretecms/releases
reference_id releases
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/
url https://github.com/concretecms/concretecms/releases
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.1.0
purl pkg:composer/concrete5/concrete5@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-4h16-ay16-qkcs
5
vulnerability VCID-542x-fkyy-sfcp
6
vulnerability VCID-56qq-9y15-nkb7
7
vulnerability VCID-683x-bjfm-j3hh
8
vulnerability VCID-69vg-twmj-jfb2
9
vulnerability VCID-71ae-y44g-kbbw
10
vulnerability VCID-7mj3-9jvf-vudw
11
vulnerability VCID-7whk-wmkw-vuec
12
vulnerability VCID-8war-c3pp-kuf5
13
vulnerability VCID-9j62-yk3f-bfgk
14
vulnerability VCID-9kyu-9sz6-1bea
15
vulnerability VCID-9z1s-b811-3ug2
16
vulnerability VCID-acs4-8efj-jqa5
17
vulnerability VCID-afq8-b83x-ckfn
18
vulnerability VCID-bbxq-cdbp-vucg
19
vulnerability VCID-c2xh-rq7d-wqey
20
vulnerability VCID-chav-mybs-syd2
21
vulnerability VCID-cyhv-k8b7-u3dc
22
vulnerability VCID-d263-cpsv-fkeg
23
vulnerability VCID-d4bd-m93f-aqf2
24
vulnerability VCID-dgf1-ded8-4uef
25
vulnerability VCID-dx1t-b982-5ucd
26
vulnerability VCID-eyep-q35n-ebcv
27
vulnerability VCID-fvdb-zeth-8qh7
28
vulnerability VCID-g134-5qhy-mudn
29
vulnerability VCID-g3pw-h46n-fyac
30
vulnerability VCID-gg3x-yz6u-nygp
31
vulnerability VCID-h56x-jv8r-a3aq
32
vulnerability VCID-h67e-b4s5-guac
33
vulnerability VCID-hdw7-spv5-k3c6
34
vulnerability VCID-he4r-v9gv-tkdh
35
vulnerability VCID-htqe-191f-1yab
36
vulnerability VCID-j9t7-y29v-6bb7
37
vulnerability VCID-m9p2-uh8x-zuh8
38
vulnerability VCID-mjce-crza-h7d4
39
vulnerability VCID-n6yd-31cx-zqh2
40
vulnerability VCID-nahk-p3f1-8bee
41
vulnerability VCID-nuz6-12nr-2yga
42
vulnerability VCID-pbwe-39av-sydg
43
vulnerability VCID-pd9w-6ke4-13hr
44
vulnerability VCID-pgfy-52ca-wbbf
45
vulnerability VCID-pt73-zjft-syhk
46
vulnerability VCID-qndd-2vmq-guen
47
vulnerability VCID-rgjf-p329-vbf8
48
vulnerability VCID-rkx3-e4r3-c3gh
49
vulnerability VCID-tgvt-rgwm-d7de
50
vulnerability VCID-tt5n-k5h8-xufp
51
vulnerability VCID-ty11-5ff4-s7av
52
vulnerability VCID-tzyh-y7uc-hff9
53
vulnerability VCID-v39f-kpce-2qhz
54
vulnerability VCID-vbae-fwnr-zff5
55
vulnerability VCID-vdtu-qtuw-v3fs
56
vulnerability VCID-w8rd-ssb2-pkgx
57
vulnerability VCID-wau6-kvqa-pbgu
58
vulnerability VCID-wqt4-uc3s-zbdn
59
vulnerability VCID-x48e-w1z4-57ab
60
vulnerability VCID-xfwe-ku14-gfe7
61
vulnerability VCID-yc8g-gqaj-8ycj
62
vulnerability VCID-yjan-urxm-g3a4
63
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0
aliases CVE-2023-28820, GHSA-fgxj-g7x3-85cq
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbqg-vpwf-rkfr
41
url VCID-pbwe-39av-sydg
vulnerability_id VCID-pbwe-39av-sydg
summary In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43686
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.7443
published_at 2026-06-11T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.74514
published_at 2026-06-14T12:55:00Z
2
value 0.00797
scoring_system epss
scoring_elements 0.74516
published_at 2026-06-13T12:55:00Z
3
value 0.00797
scoring_system epss
scoring_elements 0.74503
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43686
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43686
reference_id CVE-2022-43686
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43686
8
reference_url https://github.com/advisories/GHSA-3cxx-3f53-m92c
reference_id GHSA-3cxx-3f53-m92c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cxx-3f53-m92c
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43686, GHSA-3cxx-3f53-m92c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbwe-39av-sydg
42
url VCID-pt73-zjft-syhk
vulnerability_id VCID-pt73-zjft-syhk
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43968
reference_id
reference_type
scores
0
value 0.00656
scoring_system epss
scoring_elements 0.71578
published_at 2026-06-12T12:55:00Z
1
value 0.00656
scoring_system epss
scoring_elements 0.71589
published_at 2026-06-14T12:55:00Z
2
value 0.00656
scoring_system epss
scoring_elements 0.71492
published_at 2026-06-11T12:55:00Z
3
value 0.00656
scoring_system epss
scoring_elements 0.71591
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43968
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43968
reference_id CVE-2022-43968
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43968
8
reference_url https://github.com/advisories/GHSA-8782-xgh5-r7mv
reference_id GHSA-8782-xgh5-r7mv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8782-xgh5-r7mv
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43968, GHSA-8782-xgh5-r7mv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pt73-zjft-syhk
43
url VCID-qndd-2vmq-guen
vulnerability_id VCID-qndd-2vmq-guen
summary In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3240
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01379
published_at 2026-06-11T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01394
published_at 2026-06-14T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01381
published_at 2026-06-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0139
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3240
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12826
reference_id 12826
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/
url https://github.com/concretecms/concretecms/pull/12826
3
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
reference_id 948-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3240
reference_id CVE-2026-3240
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3240
5
reference_url https://github.com/advisories/GHSA-45fj-fvmm-xcc5
reference_id GHSA-45fj-fvmm-xcc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45fj-fvmm-xcc5
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-3240, GHSA-45fj-fvmm-xcc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qndd-2vmq-guen
44
url VCID-rgjf-p329-vbf8
vulnerability_id VCID-rgjf-p329-vbf8
summary Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3179
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28128
published_at 2026-06-12T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28142
published_at 2026-06-14T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28153
published_at 2026-06-13T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.2793
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3179
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
3
reference_url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
4
reference_url https://github.com/concretecms/concretecms/pull/11988
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11988
5
reference_url https://github.com/concretecms/concretecms/pull/11989
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11989
6
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id 8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
7
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id 928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3179
reference_id CVE-2024-3179
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3179
9
reference_url https://github.com/advisories/GHSA-r7q4-cw9r-vhp4
reference_id GHSA-r7q4-cw9r-vhp4
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7q4-cw9r-vhp4
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-hdw7-spv5-k3c6
7
vulnerability VCID-htqe-191f-1yab
8
vulnerability VCID-nahk-p3f1-8bee
9
vulnerability VCID-nuz6-12nr-2yga
10
vulnerability VCID-qndd-2vmq-guen
11
vulnerability VCID-rkx3-e4r3-c3gh
12
vulnerability VCID-tt5n-k5h8-xufp
13
vulnerability VCID-v39f-kpce-2qhz
14
vulnerability VCID-vdtu-qtuw-v3fs
15
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-9z1s-b811-3ug2
2
vulnerability VCID-c2xh-rq7d-wqey
3
vulnerability VCID-d4bd-m93f-aqf2
4
vulnerability VCID-dgf1-ded8-4uef
5
vulnerability VCID-dx1t-b982-5ucd
6
vulnerability VCID-eyep-q35n-ebcv
7
vulnerability VCID-g134-5qhy-mudn
8
vulnerability VCID-hdw7-spv5-k3c6
9
vulnerability VCID-htqe-191f-1yab
10
vulnerability VCID-nahk-p3f1-8bee
11
vulnerability VCID-nuz6-12nr-2yga
12
vulnerability VCID-pgfy-52ca-wbbf
13
vulnerability VCID-qndd-2vmq-guen
14
vulnerability VCID-rkx3-e4r3-c3gh
15
vulnerability VCID-tt5n-k5h8-xufp
16
vulnerability VCID-v39f-kpce-2qhz
17
vulnerability VCID-vdtu-qtuw-v3fs
18
vulnerability VCID-wau6-kvqa-pbgu
19
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3179, GHSA-r7q4-cw9r-vhp4
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgjf-p329-vbf8
45
url VCID-rkx3-e4r3-c3gh
vulnerability_id VCID-rkx3-e4r3-c3gh
summary Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to unserialize() without class restrictions or integrity checks. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.9 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. Thanks YJK ( @YJK0805 https://hackerone.com/yjk0805 ) of ZUSO ART https://zuso.ai/  for reporting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3452
reference_id
reference_type
scores
0
value 0.00273
scoring_system epss
scoring_elements 0.51008
published_at 2026-06-11T12:55:00Z
1
value 0.00273
scoring_system epss
scoring_elements 0.51142
published_at 2026-06-14T12:55:00Z
2
value 0.00273
scoring_system epss
scoring_elements 0.51139
published_at 2026-06-12T12:55:00Z
3
value 0.00273
scoring_system epss
scoring_elements 0.51154
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3452
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920
3
reference_url https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://
reference_id 167f16e4805d8ab546d2997c753ac21bf4854920:
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/
url https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://
4
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
reference_id 948-release-notes
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3452
reference_id CVE-2026-3452
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3452
6
reference_url https://github.com/advisories/GHSA-gj26-w59c-29mf
reference_id GHSA-gj26-w59c-29mf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gj26-w59c-29mf
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-3452, GHSA-gj26-w59c-29mf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx3-e4r3-c3gh
46
url VCID-tgvt-rgwm-d7de
vulnerability_id VCID-tgvt-rgwm-d7de
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44760
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46352
published_at 2026-06-11T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46497
published_at 2026-06-12T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.46507
published_at 2026-06-13T12:55:00Z
3
value 0.00233
scoring_system epss
scoring_elements 0.46494
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44760
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes
3
reference_url https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44760
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44760
5
reference_url https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766
6
reference_url https://github.com/advisories/GHSA-4qv6-37xq-mgq2
reference_id GHSA-4qv6-37xq-mgq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qv6-37xq-mgq2
fixed_packages
aliases CVE-2023-44760, GHSA-4qv6-37xq-mgq2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgvt-rgwm-d7de
47
url VCID-tt5n-k5h8-xufp
vulnerability_id VCID-tt5n-k5h8-xufp
summary
references
0
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
1
reference_url https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2967
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2967
3
reference_url https://vuldb.com/?ctiid.302019
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?ctiid.302019
4
reference_url https://vuldb.com/?id.302019
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.302019
5
reference_url https://vuldb.com/?submit.522417
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?submit.522417
6
reference_url https://github.com/advisories/GHSA-xfqf-5rhg-5c73
reference_id GHSA-xfqf-5rhg-5c73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfqf-5rhg-5c73
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.0RC1
purl pkg:composer/concrete5/concrete5@9.4.0RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bd-m93f-aqf2
1
vulnerability VCID-dgf1-ded8-4uef
2
vulnerability VCID-dx1t-b982-5ucd
3
vulnerability VCID-g134-5qhy-mudn
4
vulnerability VCID-nahk-p3f1-8bee
5
vulnerability VCID-qndd-2vmq-guen
6
vulnerability VCID-rkx3-e4r3-c3gh
7
vulnerability VCID-v39f-kpce-2qhz
8
vulnerability VCID-vdtu-qtuw-v3fs
9
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1
aliases CVE-2025-2967, GHSA-xfqf-5rhg-5c73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tt5n-k5h8-xufp
48
url VCID-ty11-5ff4-s7av
vulnerability_id VCID-ty11-5ff4-s7av
summary Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48653
reference_id
reference_type
scores
0
value 0.00839
scoring_system epss
scoring_elements 0.75217
published_at 2026-06-14T12:55:00Z
1
value 0.00839
scoring_system epss
scoring_elements 0.7522
published_at 2026-06-13T12:55:00Z
2
value 0.00839
scoring_system epss
scoring_elements 0.75137
published_at 2026-06-11T12:55:00Z
3
value 0.00839
scoring_system epss
scoring_elements 0.75207
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48653
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0
3
reference_url https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b
4
reference_url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_id 2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/
url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
reference_id 923-release-notes
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/
url https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48653
reference_id CVE-2023-48653
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48653
7
reference_url https://github.com/advisories/GHSA-3rxx-8f33-7p6p
reference_id GHSA-3rxx-8f33-7p6p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rxx-8f33-7p6p
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.14
purl pkg:composer/concrete5/concrete5@8.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-3514-7uhf-pufd
2
vulnerability VCID-542x-fkyy-sfcp
3
vulnerability VCID-7mj3-9jvf-vudw
4
vulnerability VCID-8war-c3pp-kuf5
5
vulnerability VCID-9j62-yk3f-bfgk
6
vulnerability VCID-c2xh-rq7d-wqey
7
vulnerability VCID-d263-cpsv-fkeg
8
vulnerability VCID-d4bd-m93f-aqf2
9
vulnerability VCID-dgf1-ded8-4uef
10
vulnerability VCID-dx1t-b982-5ucd
11
vulnerability VCID-g134-5qhy-mudn
12
vulnerability VCID-hdw7-spv5-k3c6
13
vulnerability VCID-htqe-191f-1yab
14
vulnerability VCID-nahk-p3f1-8bee
15
vulnerability VCID-nuz6-12nr-2yga
16
vulnerability VCID-qndd-2vmq-guen
17
vulnerability VCID-rgjf-p329-vbf8
18
vulnerability VCID-rkx3-e4r3-c3gh
19
vulnerability VCID-tt5n-k5h8-xufp
20
vulnerability VCID-v39f-kpce-2qhz
21
vulnerability VCID-vdtu-qtuw-v3fs
22
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.14
1
url pkg:composer/concrete5/concrete5@9.2.3
purl pkg:composer/concrete5/concrete5@9.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-d4bd-m93f-aqf2
10
vulnerability VCID-dgf1-ded8-4uef
11
vulnerability VCID-dx1t-b982-5ucd
12
vulnerability VCID-eyep-q35n-ebcv
13
vulnerability VCID-g134-5qhy-mudn
14
vulnerability VCID-hdw7-spv5-k3c6
15
vulnerability VCID-htqe-191f-1yab
16
vulnerability VCID-nahk-p3f1-8bee
17
vulnerability VCID-nuz6-12nr-2yga
18
vulnerability VCID-pd9w-6ke4-13hr
19
vulnerability VCID-pgfy-52ca-wbbf
20
vulnerability VCID-qndd-2vmq-guen
21
vulnerability VCID-rgjf-p329-vbf8
22
vulnerability VCID-rkx3-e4r3-c3gh
23
vulnerability VCID-tt5n-k5h8-xufp
24
vulnerability VCID-v39f-kpce-2qhz
25
vulnerability VCID-vdtu-qtuw-v3fs
26
vulnerability VCID-w8rd-ssb2-pkgx
27
vulnerability VCID-wau6-kvqa-pbgu
28
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3
aliases CVE-2023-48653, GHSA-3rxx-8f33-7p6p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty11-5ff4-s7av
49
url VCID-tzyh-y7uc-hff9
vulnerability_id VCID-tzyh-y7uc-hff9
summary Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48650
reference_id
reference_type
scores
0
value 0.01073
scoring_system epss
scoring_elements 0.78255
published_at 2026-06-14T12:55:00Z
1
value 0.01073
scoring_system epss
scoring_elements 0.78259
published_at 2026-06-13T12:55:00Z
2
value 0.01073
scoring_system epss
scoring_elements 0.78177
published_at 2026-06-11T12:55:00Z
3
value 0.01073
scoring_system epss
scoring_elements 0.78245
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48650
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0
3
reference_url https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b
4
reference_url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_id 2023-12-05-concrete-cms-new-cves-and-cve-updates
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/
url https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
reference_id 923-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/
url https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48650
reference_id CVE-2023-48650
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48650
7
reference_url https://github.com/advisories/GHSA-x577-gcc9-9xjj
reference_id GHSA-x577-gcc9-9xjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x577-gcc9-9xjj
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.14
purl pkg:composer/concrete5/concrete5@8.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-3514-7uhf-pufd
2
vulnerability VCID-542x-fkyy-sfcp
3
vulnerability VCID-7mj3-9jvf-vudw
4
vulnerability VCID-8war-c3pp-kuf5
5
vulnerability VCID-9j62-yk3f-bfgk
6
vulnerability VCID-c2xh-rq7d-wqey
7
vulnerability VCID-d263-cpsv-fkeg
8
vulnerability VCID-d4bd-m93f-aqf2
9
vulnerability VCID-dgf1-ded8-4uef
10
vulnerability VCID-dx1t-b982-5ucd
11
vulnerability VCID-g134-5qhy-mudn
12
vulnerability VCID-hdw7-spv5-k3c6
13
vulnerability VCID-htqe-191f-1yab
14
vulnerability VCID-nahk-p3f1-8bee
15
vulnerability VCID-nuz6-12nr-2yga
16
vulnerability VCID-qndd-2vmq-guen
17
vulnerability VCID-rgjf-p329-vbf8
18
vulnerability VCID-rkx3-e4r3-c3gh
19
vulnerability VCID-tt5n-k5h8-xufp
20
vulnerability VCID-v39f-kpce-2qhz
21
vulnerability VCID-vdtu-qtuw-v3fs
22
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.14
1
url pkg:composer/concrete5/concrete5@9.2.3
purl pkg:composer/concrete5/concrete5@9.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-d4bd-m93f-aqf2
10
vulnerability VCID-dgf1-ded8-4uef
11
vulnerability VCID-dx1t-b982-5ucd
12
vulnerability VCID-eyep-q35n-ebcv
13
vulnerability VCID-g134-5qhy-mudn
14
vulnerability VCID-hdw7-spv5-k3c6
15
vulnerability VCID-htqe-191f-1yab
16
vulnerability VCID-nahk-p3f1-8bee
17
vulnerability VCID-nuz6-12nr-2yga
18
vulnerability VCID-pd9w-6ke4-13hr
19
vulnerability VCID-pgfy-52ca-wbbf
20
vulnerability VCID-qndd-2vmq-guen
21
vulnerability VCID-rgjf-p329-vbf8
22
vulnerability VCID-rkx3-e4r3-c3gh
23
vulnerability VCID-tt5n-k5h8-xufp
24
vulnerability VCID-v39f-kpce-2qhz
25
vulnerability VCID-vdtu-qtuw-v3fs
26
vulnerability VCID-w8rd-ssb2-pkgx
27
vulnerability VCID-wau6-kvqa-pbgu
28
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3
aliases CVE-2023-48650, GHSA-x577-gcc9-9xjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzyh-y7uc-hff9
50
url VCID-v39f-kpce-2qhz
vulnerability_id VCID-v39f-kpce-2qhz
summary In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page names that executes when users search for and view those pages in search results. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks zolpak for reporting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3244
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01381
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01394
published_at 2026-06-14T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01379
published_at 2026-06-11T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0139
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3244
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12826
reference_id 12826
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/
url https://github.com/concretecms/concretecms/pull/12826
3
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
reference_id 948-release-notes
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3244
reference_id CVE-2026-3244
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3244
5
reference_url https://github.com/advisories/GHSA-mm5f-5rqw-574f
reference_id GHSA-mm5f-5rqw-574f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mm5f-5rqw-574f
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-3244, GHSA-mm5f-5rqw-574f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v39f-kpce-2qhz
51
url VCID-vbae-fwnr-zff5
vulnerability_id VCID-vbae-fwnr-zff5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44766
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40606
published_at 2026-06-11T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40773
published_at 2026-06-12T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40797
published_at 2026-06-13T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40784
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44766
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44766
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44766
4
reference_url https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766
5
reference_url https://github.com/advisories/GHSA-437p-jfm4-2387
reference_id GHSA-437p-jfm4-2387
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-437p-jfm4-2387
fixed_packages
aliases CVE-2023-44766, GHSA-437p-jfm4-2387
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbae-fwnr-zff5
52
url VCID-vdtu-qtuw-v3fs
vulnerability_id VCID-vdtu-qtuw-v3fs
summary Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group_id parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks z3rco for reporting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2994
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01454
published_at 2026-06-11T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01471
published_at 2026-06-14T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01456
published_at 2026-06-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01463
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2994
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/12826
reference_id 12826
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/
url https://github.com/concretecms/concretecms/pull/12826
3
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
reference_id 948-release-notes
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2994
reference_id CVE-2026-2994
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2994
5
reference_url https://github.com/advisories/GHSA-6mxw-2vhf-42g5
reference_id GHSA-6mxw-2vhf-42g5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mxw-2vhf-42g5
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.4.8
purl pkg:composer/concrete5/concrete5@9.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8
aliases CVE-2026-2994, GHSA-6mxw-2vhf-42g5
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdtu-qtuw-v3fs
53
url VCID-wau6-kvqa-pbgu
vulnerability_id VCID-wau6-kvqa-pbgu
summary Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4350
reference_id
reference_type
scores
0
value 0.01032
scoring_system epss
scoring_elements 0.77756
published_at 2026-06-11T12:55:00Z
1
value 0.01032
scoring_system epss
scoring_elements 0.77831
published_at 2026-06-14T12:55:00Z
2
value 0.01032
scoring_system epss
scoring_elements 0.77825
published_at 2026-06-12T12:55:00Z
3
value 0.01032
scoring_system epss
scoring_elements 0.77838
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4350
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5
3
reference_url https://github.com/concretecms/concretecms/pull/12166
reference_id 12166
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/
url https://github.com/concretecms/concretecms/pull/12166
4
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041
reference_id 8518-release-notes?pk_vid=e367a434ef4830491723055758d52041
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041
5
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041
reference_id 933-release-notes?pk_vid=e367a434ef4830491723060415d52041
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041
6
reference_url https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06
reference_id c08d9671cec4e7afdabb547339c4bc0bed8eab06
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/
url https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4350
reference_id CVE-2024-4350
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4350
8
reference_url https://github.com/advisories/GHSA-q5wx-m95r-4cgc
reference_id GHSA-q5wx-m95r-4cgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q5wx-m95r-4cgc
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.18
purl pkg:composer/concrete5/concrete5@8.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-htqe-191f-1yab
7
vulnerability VCID-nahk-p3f1-8bee
8
vulnerability VCID-nuz6-12nr-2yga
9
vulnerability VCID-qndd-2vmq-guen
10
vulnerability VCID-rkx3-e4r3-c3gh
11
vulnerability VCID-tt5n-k5h8-xufp
12
vulnerability VCID-v39f-kpce-2qhz
13
vulnerability VCID-vdtu-qtuw-v3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.18
1
url pkg:composer/concrete5/concrete5@9.3.3
purl pkg:composer/concrete5/concrete5@9.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mj3-9jvf-vudw
1
vulnerability VCID-c2xh-rq7d-wqey
2
vulnerability VCID-d4bd-m93f-aqf2
3
vulnerability VCID-dgf1-ded8-4uef
4
vulnerability VCID-dx1t-b982-5ucd
5
vulnerability VCID-g134-5qhy-mudn
6
vulnerability VCID-htqe-191f-1yab
7
vulnerability VCID-nahk-p3f1-8bee
8
vulnerability VCID-nuz6-12nr-2yga
9
vulnerability VCID-qndd-2vmq-guen
10
vulnerability VCID-rkx3-e4r3-c3gh
11
vulnerability VCID-tt5n-k5h8-xufp
12
vulnerability VCID-v39f-kpce-2qhz
13
vulnerability VCID-vdtu-qtuw-v3fs
14
vulnerability VCID-x48e-w1z4-57ab
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3
aliases CVE-2024-4350, GHSA-q5wx-m95r-4cgc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wau6-kvqa-pbgu
54
url VCID-wqt4-uc3s-zbdn
vulnerability_id VCID-wqt4-uc3s-zbdn
summary Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48649
reference_id
reference_type
scores
0
value 0.01256
scoring_system epss
scoring_elements 0.79877
published_at 2026-06-13T12:55:00Z
1
value 0.01256
scoring_system epss
scoring_elements 0.79869
published_at 2026-06-14T12:55:00Z
2
value 0.01256
scoring_system epss
scoring_elements 0.79794
published_at 2026-06-11T12:55:00Z
3
value 0.01256
scoring_system epss
scoring_elements 0.79859
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48649
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48649
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48649
3
reference_url https://github.com/concretecms/concretecms/pull/11695
reference_id 11695
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R
1
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/
url https://github.com/concretecms/concretecms/pull/11695
4
reference_url https://github.com/concretecms/concretecms/pull/11739
reference_id 11739
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R
1
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/
url https://github.com/concretecms/concretecms/pull/11739
5
reference_url https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
reference_id 2023-11-09-security-blog-about-updated-cves-and-new-release
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/
url https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
6
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes
reference_id 8513-release-notes
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R
1
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes
7
reference_url https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes
reference_id 922-release-notes
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/
url https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes
8
reference_url https://github.com/advisories/GHSA-36fr-3wg8-q5v8
reference_id GHSA-36fr-3wg8-q5v8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36fr-3wg8-q5v8
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.13
purl pkg:composer/concrete5/concrete5@8.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-3514-7uhf-pufd
2
vulnerability VCID-542x-fkyy-sfcp
3
vulnerability VCID-7mj3-9jvf-vudw
4
vulnerability VCID-8war-c3pp-kuf5
5
vulnerability VCID-9j62-yk3f-bfgk
6
vulnerability VCID-c2xh-rq7d-wqey
7
vulnerability VCID-d263-cpsv-fkeg
8
vulnerability VCID-d4bd-m93f-aqf2
9
vulnerability VCID-dgf1-ded8-4uef
10
vulnerability VCID-dx1t-b982-5ucd
11
vulnerability VCID-g134-5qhy-mudn
12
vulnerability VCID-hdw7-spv5-k3c6
13
vulnerability VCID-htqe-191f-1yab
14
vulnerability VCID-nahk-p3f1-8bee
15
vulnerability VCID-nuz6-12nr-2yga
16
vulnerability VCID-qndd-2vmq-guen
17
vulnerability VCID-rgjf-p329-vbf8
18
vulnerability VCID-rkx3-e4r3-c3gh
19
vulnerability VCID-tt5n-k5h8-xufp
20
vulnerability VCID-ty11-5ff4-s7av
21
vulnerability VCID-tzyh-y7uc-hff9
22
vulnerability VCID-v39f-kpce-2qhz
23
vulnerability VCID-vdtu-qtuw-v3fs
24
vulnerability VCID-wau6-kvqa-pbgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.13
1
url pkg:composer/concrete5/concrete5@9.2.2
purl pkg:composer/concrete5/concrete5@9.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-8war-c3pp-kuf5
6
vulnerability VCID-9j62-yk3f-bfgk
7
vulnerability VCID-9z1s-b811-3ug2
8
vulnerability VCID-c2xh-rq7d-wqey
9
vulnerability VCID-chav-mybs-syd2
10
vulnerability VCID-d263-cpsv-fkeg
11
vulnerability VCID-d4bd-m93f-aqf2
12
vulnerability VCID-dgf1-ded8-4uef
13
vulnerability VCID-dx1t-b982-5ucd
14
vulnerability VCID-eyep-q35n-ebcv
15
vulnerability VCID-g134-5qhy-mudn
16
vulnerability VCID-hdw7-spv5-k3c6
17
vulnerability VCID-htqe-191f-1yab
18
vulnerability VCID-nahk-p3f1-8bee
19
vulnerability VCID-nuz6-12nr-2yga
20
vulnerability VCID-pd9w-6ke4-13hr
21
vulnerability VCID-pgfy-52ca-wbbf
22
vulnerability VCID-qndd-2vmq-guen
23
vulnerability VCID-rgjf-p329-vbf8
24
vulnerability VCID-rkx3-e4r3-c3gh
25
vulnerability VCID-tt5n-k5h8-xufp
26
vulnerability VCID-ty11-5ff4-s7av
27
vulnerability VCID-tzyh-y7uc-hff9
28
vulnerability VCID-v39f-kpce-2qhz
29
vulnerability VCID-vdtu-qtuw-v3fs
30
vulnerability VCID-w8rd-ssb2-pkgx
31
vulnerability VCID-wau6-kvqa-pbgu
32
vulnerability VCID-x48e-w1z4-57ab
33
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2
aliases CVE-2023-48649, GHSA-36fr-3wg8-q5v8
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqt4-uc3s-zbdn
55
url VCID-xfwe-ku14-gfe7
vulnerability_id VCID-xfwe-ku14-gfe7
summary Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43694
reference_id
reference_type
scores
0
value 0.00853
scoring_system epss
scoring_elements 0.75376
published_at 2026-06-11T12:55:00Z
1
value 0.00853
scoring_system epss
scoring_elements 0.75455
published_at 2026-06-14T12:55:00Z
2
value 0.00853
scoring_system epss
scoring_elements 0.7546
published_at 2026-06-13T12:55:00Z
3
value 0.00853
scoring_system epss
scoring_elements 0.75447
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43694
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/releases/8.5.10
reference_id 8.5.10
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/
url https://github.com/concretecms/concretecms/releases/8.5.10
3
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
reference_id 8510-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/
url https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
4
reference_url https://github.com/concretecms/concretecms/releases/9.1.3
reference_id 9.1.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/
url https://github.com/concretecms/concretecms/releases/9.1.3
5
reference_url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
reference_id 913-release-notes
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/
url https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
6
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
reference_id concrete-cms-security-advisory-2022-10-31
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43694
reference_id CVE-2022-43694
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43694
8
reference_url https://github.com/advisories/GHSA-jfmc-3975-fv5f
reference_id GHSA-jfmc-3975-fv5f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfmc-3975-fv5f
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.10
purl pkg:composer/concrete5/concrete5@8.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2fk1-gqz6-kbcy
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-acs4-8efj-jqa5
11
vulnerability VCID-afq8-b83x-ckfn
12
vulnerability VCID-bbxq-cdbp-vucg
13
vulnerability VCID-c2xh-rq7d-wqey
14
vulnerability VCID-cyhv-k8b7-u3dc
15
vulnerability VCID-d263-cpsv-fkeg
16
vulnerability VCID-d4bd-m93f-aqf2
17
vulnerability VCID-dgf1-ded8-4uef
18
vulnerability VCID-dx1t-b982-5ucd
19
vulnerability VCID-e9xf-aufp-7ffa
20
vulnerability VCID-fvdb-zeth-8qh7
21
vulnerability VCID-g134-5qhy-mudn
22
vulnerability VCID-gg3x-yz6u-nygp
23
vulnerability VCID-hdw7-spv5-k3c6
24
vulnerability VCID-htqe-191f-1yab
25
vulnerability VCID-j9t7-y29v-6bb7
26
vulnerability VCID-m9p2-uh8x-zuh8
27
vulnerability VCID-n6yd-31cx-zqh2
28
vulnerability VCID-nahk-p3f1-8bee
29
vulnerability VCID-nuz6-12nr-2yga
30
vulnerability VCID-pbqg-vpwf-rkfr
31
vulnerability VCID-qndd-2vmq-guen
32
vulnerability VCID-rgjf-p329-vbf8
33
vulnerability VCID-rkx3-e4r3-c3gh
34
vulnerability VCID-tgvt-rgwm-d7de
35
vulnerability VCID-tt5n-k5h8-xufp
36
vulnerability VCID-ty11-5ff4-s7av
37
vulnerability VCID-tzyh-y7uc-hff9
38
vulnerability VCID-v39f-kpce-2qhz
39
vulnerability VCID-vbae-fwnr-zff5
40
vulnerability VCID-vdtu-qtuw-v3fs
41
vulnerability VCID-wau6-kvqa-pbgu
42
vulnerability VCID-wqt4-uc3s-zbdn
43
vulnerability VCID-yjan-urxm-g3a4
44
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10
1
url pkg:composer/concrete5/concrete5@9.1.3
purl pkg:composer/concrete5/concrete5@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zw6-abpq-aqee
1
vulnerability VCID-2a3x-n2fy-eqce
2
vulnerability VCID-2x2h-cef1-yfee
3
vulnerability VCID-3514-7uhf-pufd
4
vulnerability VCID-542x-fkyy-sfcp
5
vulnerability VCID-69vg-twmj-jfb2
6
vulnerability VCID-7mj3-9jvf-vudw
7
vulnerability VCID-7whk-wmkw-vuec
8
vulnerability VCID-8war-c3pp-kuf5
9
vulnerability VCID-9j62-yk3f-bfgk
10
vulnerability VCID-9z1s-b811-3ug2
11
vulnerability VCID-acs4-8efj-jqa5
12
vulnerability VCID-afq8-b83x-ckfn
13
vulnerability VCID-bbxq-cdbp-vucg
14
vulnerability VCID-c2xh-rq7d-wqey
15
vulnerability VCID-chav-mybs-syd2
16
vulnerability VCID-cyhv-k8b7-u3dc
17
vulnerability VCID-d263-cpsv-fkeg
18
vulnerability VCID-d4bd-m93f-aqf2
19
vulnerability VCID-dgf1-ded8-4uef
20
vulnerability VCID-dx1t-b982-5ucd
21
vulnerability VCID-eyep-q35n-ebcv
22
vulnerability VCID-fvdb-zeth-8qh7
23
vulnerability VCID-g134-5qhy-mudn
24
vulnerability VCID-gg3x-yz6u-nygp
25
vulnerability VCID-hdw7-spv5-k3c6
26
vulnerability VCID-htqe-191f-1yab
27
vulnerability VCID-j9t7-y29v-6bb7
28
vulnerability VCID-m9p2-uh8x-zuh8
29
vulnerability VCID-n6yd-31cx-zqh2
30
vulnerability VCID-nahk-p3f1-8bee
31
vulnerability VCID-nuz6-12nr-2yga
32
vulnerability VCID-pd9w-6ke4-13hr
33
vulnerability VCID-pgfy-52ca-wbbf
34
vulnerability VCID-qndd-2vmq-guen
35
vulnerability VCID-rgjf-p329-vbf8
36
vulnerability VCID-rkx3-e4r3-c3gh
37
vulnerability VCID-s6vy-zjm8-n7bc
38
vulnerability VCID-tgvt-rgwm-d7de
39
vulnerability VCID-tt5n-k5h8-xufp
40
vulnerability VCID-ty11-5ff4-s7av
41
vulnerability VCID-tzyh-y7uc-hff9
42
vulnerability VCID-v39f-kpce-2qhz
43
vulnerability VCID-vbae-fwnr-zff5
44
vulnerability VCID-vdtu-qtuw-v3fs
45
vulnerability VCID-w8rd-ssb2-pkgx
46
vulnerability VCID-wau6-kvqa-pbgu
47
vulnerability VCID-wqt4-uc3s-zbdn
48
vulnerability VCID-x48e-w1z4-57ab
49
vulnerability VCID-yc8g-gqaj-8ycj
50
vulnerability VCID-yjan-urxm-g3a4
51
vulnerability VCID-yu9q-pa9p-huck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3
aliases CVE-2022-43694, GHSA-jfmc-3975-fv5f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfwe-ku14-gfe7
56
url VCID-yjan-urxm-g3a4
vulnerability_id VCID-yjan-urxm-g3a4
summary Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28473
reference_id
reference_type
scores
0
value 0.0074
scoring_system epss
scoring_elements 0.73474
published_at 2026-06-14T12:55:00Z
1
value 0.0074
scoring_system epss
scoring_elements 0.73476
published_at 2026-06-13T12:55:00Z
2
value 0.0074
scoring_system epss
scoring_elements 0.73461
published_at 2026-06-12T12:55:00Z
3
value 0.0074
scoring_system epss
scoring_elements 0.73386
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28473
1
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms
2
reference_url https://github.com/concretecms/concretecms/pull/11749
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/pull/11749
3
reference_url https://github.com/concretecms/concretecms/releases/tag/8.5.13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/releases/tag/8.5.13
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28473
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28473
5
reference_url https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
reference_id 2023-11-09-security-blog-about-updated-cves-and-new-release
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/
url https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
6
reference_url https://concretecms.com
reference_id concretecms.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/
url https://concretecms.com
7
reference_url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
reference_id concrete-cms-security-advisory-2023-04-20
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/
url https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
8
reference_url https://github.com/advisories/GHSA-pj76-75cm-3552
reference_id GHSA-pj76-75cm-3552
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pj76-75cm-3552
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28473, GHSA-pj76-75cm-3552
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjan-urxm-g3a4
57
url VCID-yu9q-pa9p-huck
vulnerability_id VCID-yu9q-pa9p-huck
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28475
reference_id
reference_type
scores
0
value 0.02087
scoring_system epss
scoring_elements 0.84375
published_at 2026-06-11T12:55:00Z
1
value 0.02087
scoring_system epss
scoring_elements 0.8443
published_at 2026-06-12T12:55:00Z
2
value 0.02087
scoring_system epss
scoring_elements 0.84439
published_at 2026-06-13T12:55:00Z
3
value 0.02087
scoring_system epss
scoring_elements 0.84432
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28475
1
reference_url https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28475
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28475
3
reference_url https://github.com/advisories/GHSA-vcpr-hm2m-gjjj
reference_id GHSA-vcpr-hm2m-gjjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcpr-hm2m-gjjj
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.0
purl pkg:composer/concrete5/concrete5@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a3x-n2fy-eqce
1
vulnerability VCID-2x2h-cef1-yfee
2
vulnerability VCID-3514-7uhf-pufd
3
vulnerability VCID-542x-fkyy-sfcp
4
vulnerability VCID-7mj3-9jvf-vudw
5
vulnerability VCID-7whk-wmkw-vuec
6
vulnerability VCID-8war-c3pp-kuf5
7
vulnerability VCID-9j62-yk3f-bfgk
8
vulnerability VCID-9z1s-b811-3ug2
9
vulnerability VCID-acs4-8efj-jqa5
10
vulnerability VCID-afq8-b83x-ckfn
11
vulnerability VCID-c2xh-rq7d-wqey
12
vulnerability VCID-chav-mybs-syd2
13
vulnerability VCID-d263-cpsv-fkeg
14
vulnerability VCID-d4bd-m93f-aqf2
15
vulnerability VCID-dgf1-ded8-4uef
16
vulnerability VCID-dx1t-b982-5ucd
17
vulnerability VCID-eyep-q35n-ebcv
18
vulnerability VCID-fvdb-zeth-8qh7
19
vulnerability VCID-g134-5qhy-mudn
20
vulnerability VCID-gg3x-yz6u-nygp
21
vulnerability VCID-hdw7-spv5-k3c6
22
vulnerability VCID-htqe-191f-1yab
23
vulnerability VCID-n6yd-31cx-zqh2
24
vulnerability VCID-nahk-p3f1-8bee
25
vulnerability VCID-nuz6-12nr-2yga
26
vulnerability VCID-pd9w-6ke4-13hr
27
vulnerability VCID-pgfy-52ca-wbbf
28
vulnerability VCID-qndd-2vmq-guen
29
vulnerability VCID-rgjf-p329-vbf8
30
vulnerability VCID-rkx3-e4r3-c3gh
31
vulnerability VCID-tgvt-rgwm-d7de
32
vulnerability VCID-tt5n-k5h8-xufp
33
vulnerability VCID-ty11-5ff4-s7av
34
vulnerability VCID-tzyh-y7uc-hff9
35
vulnerability VCID-v39f-kpce-2qhz
36
vulnerability VCID-vbae-fwnr-zff5
37
vulnerability VCID-vdtu-qtuw-v3fs
38
vulnerability VCID-w8rd-ssb2-pkgx
39
vulnerability VCID-wau6-kvqa-pbgu
40
vulnerability VCID-wqt4-uc3s-zbdn
41
vulnerability VCID-x48e-w1z4-57ab
42
vulnerability VCID-yc8g-gqaj-8ycj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0
aliases CVE-2023-28475, GHSA-vcpr-hm2m-gjjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu9q-pa9p-huck
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.9