Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/596291?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/596291?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.1", "type": "composer", "namespace": "concrete5", "name": "concrete5", "version": "9.1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.4.8", "latest_non_vulnerable_version": "9.4.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355650?format=api", "vulnerability_id": "VCID-1zw6-abpq-aqee", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01758", "scoring_system": "epss", "scoring_elements": "0.83067", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01758", "scoring_system": "epss", "scoring_elements": "0.83071", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01758", "scoring_system": "epss", "scoring_elements": "0.83075", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01758", "scoring_system": "epss", "scoring_elements": "0.83005", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28476" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28476", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28476" }, { "reference_url": "https://github.com/advisories/GHSA-2ggc-552c-rmqr", "reference_id": "GHSA-2ggc-552c-rmqr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2ggc-552c-rmqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28476", "GHSA-2ggc-552c-rmqr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zw6-abpq-aqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64134?format=api", "vulnerability_id": "VCID-2a3x-n2fy-eqce", "summary": "Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28128", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28142", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28153", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2793", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3180" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_id": "8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA." }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_id": "928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA." }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3180", "reference_id": "CVE-2024-3180", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3180" }, { "reference_url": "https://github.com/advisories/GHSA-9qhc-pg6j-wf23", "reference_id": "GHSA-9qhc-pg6j-wf23", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9qhc-pg6j-wf23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30163?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8" } ], "aliases": [ "CVE-2024-3180", "GHSA-9qhc-pg6j-wf23" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2a3x-n2fy-eqce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54105?format=api", "vulnerability_id": "VCID-2x2h-cef1-yfee", "summary": "Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68547", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68645", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68649", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68636", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1245" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "reference_id": "2024-02-04-security-advisory", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:13:24Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "reference_id": "925-release-notes", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:13:24Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1245", "reference_id": "CVE-2024-1245", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1245" }, { "reference_url": "https://github.com/advisories/GHSA-mgp6-j658-vcw9", "reference_id": "GHSA-mgp6-j658-vcw9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgp6-j658-vcw9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28873?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5" } ], "aliases": [ "CVE-2024-1245", "GHSA-mgp6-j658-vcw9" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2x2h-cef1-yfee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64296?format=api", "vulnerability_id": "VCID-3514-7uhf-pufd", "summary": "Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28128", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28142", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28153", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2793", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3178" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11988", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11988" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11989", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11989" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_id": "8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA." }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_id": "928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA." }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3178", "reference_id": "CVE-2024-3178", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3178" }, { "reference_url": "https://github.com/advisories/GHSA-xwrh-qxmc-x8c8", "reference_id": "GHSA-xwrh-qxmc-x8c8", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwrh-qxmc-x8c8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30163?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8" } ], "aliases": [ "CVE-2024-3178", "GHSA-xwrh-qxmc-x8c8" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3514-7uhf-pufd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163147?format=api", "vulnerability_id": "VCID-4h16-ay16-qkcs", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67375", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67284", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6739", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43695" }, { "reference_url": "https://github.com/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43695", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43695" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://github.com/advisories/GHSA-8699-h45g-7hm8", "reference_id": "GHSA-8699-h45g-7hm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8699-h45g-7hm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43695", "GHSA-8699-h45g-7hm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4h16-ay16-qkcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63186?format=api", "vulnerability_id": "VCID-542x-fkyy-sfcp", "summary": "Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \n\nThank you Rikuto Tauchi for reporting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48202", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48342", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48339", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48356", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2753" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_id": "8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA." }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_id": "928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA." }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2753", "reference_id": "CVE-2024-2753", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2753" }, { "reference_url": "https://github.com/advisories/GHSA-pj42-r64f-4xfq", "reference_id": "GHSA-pj42-r64f-4xfq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj42-r64f-4xfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30163?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8" } ], "aliases": [ "CVE-2024-2753", "GHSA-pj42-r64f-4xfq" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-542x-fkyy-sfcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163073?format=api", "vulnerability_id": "VCID-56qq-9y15-nkb7", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71591", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71492", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71578", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71589", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43692" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/10996", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/10996" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43692", "reference_id": "CVE-2022-43692", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43692" }, { "reference_url": "https://github.com/advisories/GHSA-rg6w-c352-p8pg", "reference_id": "GHSA-rg6w-c352-p8pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg6w-c352-p8pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43692", "GHSA-rg6w-c352-p8pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56qq-9y15-nkb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162870?format=api", "vulnerability_id": "VCID-683x-bjfm-j3hh", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52667", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52792", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.5281", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52795", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43689" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43689", "reference_id": "CVE-2022-43689", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43689" }, { "reference_url": "https://github.com/advisories/GHSA-q48r-xg9h-78m8", "reference_id": "GHSA-q48r-xg9h-78m8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q48r-xg9h-78m8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27878?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-4h16-ay16-qkcs" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-56qq-9y15-nkb7" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-71ae-y44g-kbbw" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9kyu-9sz6-1bea" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-g3pw-h46n-fyac" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-h56x-jv8r-a3aq" }, { "vulnerability": "VCID-h67e-b4s5-guac" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-he4r-v9gv-tkdh" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-mjce-crza-h7d4" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pbwe-39av-sydg" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-pt73-zjft-syhk" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-xfwe-ku14-gfe7" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.2" } ], "aliases": [ "CVE-2022-43689", "GHSA-q48r-xg9h-78m8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-683x-bjfm-j3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134496?format=api", "vulnerability_id": "VCID-69vg-twmj-jfb2", "summary": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.83763", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.83826", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.83829", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.8382", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28471" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28471", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28471" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_id": "2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates" }, { "reference_url": "https://concretecms.com", "reference_id": "concretecms.com", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/" } ], "url": "https://concretecms.com" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20", "reference_id": "concrete-cms-security-advisory-2023-04-20", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20" }, { "reference_url": "https://github.com/advisories/GHSA-9h33-5fxw-r2xv", "reference_id": "GHSA-9h33-5fxw-r2xv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9h33-5fxw-r2xv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28471", "GHSA-9h33-5fxw-r2xv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69vg-twmj-jfb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163154?format=api", "vulnerability_id": "VCID-71ae-y44g-kbbw", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83499", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83431", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83496", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.8349", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43556" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43556", "reference_id": "CVE-2022-43556", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43556" }, { "reference_url": "https://github.com/advisories/GHSA-xj33-8r43-r227", "reference_id": "GHSA-xj33-8r43-r227", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj33-8r43-r227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43556", "GHSA-xj33-8r43-r227" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71ae-y44g-kbbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/120419?format=api", "vulnerability_id": "VCID-7mj3-9jvf-vudw", "summary": "Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43779", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43942", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43954", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43934", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0660" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0660", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0660" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12454", "reference_id": "12454", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12454" }, { "reference_url": "https://github.com/concretecms/bedrock/pull/370", "reference_id": "370", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/" } ], "url": "https://github.com/concretecms/bedrock/pull/370" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes", "reference_id": "940-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes" }, { "reference_url": "https://github.com/advisories/GHSA-pvmx-mjmh-jfcx", "reference_id": "GHSA-pvmx-mjmh-jfcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pvmx-mjmh-jfcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377800?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.0-RC1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC1" }, { "url": "http://public2.vulnerablecode.io/api/packages/785786?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.0RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1" } ], "aliases": [ "CVE-2025-0660", "GHSA-pvmx-mjmh-jfcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mj3-9jvf-vudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356848?format=api", "vulnerability_id": "VCID-7whk-wmkw-vuec", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50709", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50842", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50858", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50846", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44763" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44763" }, { "reference_url": "https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763" }, { "reference_url": "https://github.com/advisories/GHSA-wrp2-6v6j-hfmg", "reference_id": "GHSA-wrp2-6v6j-hfmg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrp2-6v6j-hfmg" } ], "fixed_packages": [], "aliases": [ "CVE-2023-44763", "GHSA-wrp2-6v6j-hfmg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7whk-wmkw-vuec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63538?format=api", "vulnerability_id": "VCID-8war-c3pp-kuf5", "summary": "Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31147", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31145", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31161", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3095", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2179" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes", "reference_id": "927-release-notes", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:22:19Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2179", "reference_id": "CVE-2024-2179", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2179" }, { "reference_url": "https://github.com/advisories/GHSA-4m7h-34xm-4wjv", "reference_id": "GHSA-4m7h-34xm-4wjv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4m7h-34xm-4wjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29537?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.7" } ], "aliases": [ "CVE-2024-2179", "GHSA-4m7h-34xm-4wjv" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8war-c3pp-kuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64388?format=api", "vulnerability_id": "VCID-9j62-yk3f-bfgk", "summary": "Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28128", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28142", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28153", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2793", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3181" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_id": "8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA." }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_id": "928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA." }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3181", "reference_id": "CVE-2024-3181", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3181" }, { "reference_url": "https://github.com/advisories/GHSA-qgm9-rxmq-jxmq", "reference_id": "GHSA-qgm9-rxmq-jxmq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qgm9-rxmq-jxmq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30163?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8" } ], "aliases": [ "CVE-2024-3181", "GHSA-qgm9-rxmq-jxmq" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9j62-yk3f-bfgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162962?format=api", "vulnerability_id": "VCID-9kyu-9sz6-1bea", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43898", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43909", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43743", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43918", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43691" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43691", "reference_id": "CVE-2022-43691", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43691" }, { "reference_url": "https://github.com/advisories/GHSA-q3hq-hm5h-qrx3", "reference_id": "GHSA-q3hq-hm5h-qrx3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3hq-hm5h-qrx3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43691", "GHSA-q3hq-hm5h-qrx3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kyu-9sz6-1bea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45843?format=api", "vulnerability_id": "VCID-9z1s-b811-3ug2", "summary": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78561", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78639", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78644", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78627", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7512" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://hackerone.com/reports/2486344", "reference_id": "2486344", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T13:49:33Z/" } ], "url": "https://hackerone.com/reports/2486344" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041", "reference_id": "933-release-notes?pk_vid=e367a434ef4830491723055753d52041", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T13:49:33Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7512", "reference_id": "CVE-2024-7512", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7512" }, { "reference_url": "https://github.com/advisories/GHSA-c47w-9mcf-w972", "reference_id": "GHSA-c47w-9mcf-w972", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c47w-9mcf-w972" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32957?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3" } ], "aliases": [ "CVE-2024-7512", "GHSA-c47w-9mcf-w972" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9z1s-b811-3ug2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356850?format=api", "vulnerability_id": "VCID-acs4-8efj-jqa5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53584", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5371", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53725", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53712", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44765" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11746", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11746" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44765", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44765" }, { "reference_url": "https://github.com/advisories/GHSA-6xx7-r8x4-fpjp", "reference_id": "GHSA-6xx7-r8x4-fpjp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xx7-r8x4-fpjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379110?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2" } ], "aliases": [ "CVE-2023-44765", "GHSA-6xx7-r8x4-fpjp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acs4-8efj-jqa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356849?format=api", "vulnerability_id": "VCID-afq8-b83x-ckfn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43982", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44136", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44154", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44143", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44764" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44764", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44764" }, { "reference_url": "https://github.com/advisories/GHSA-j6h5-ggv2-3rfv", "reference_id": "GHSA-j6h5-ggv2-3rfv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6h5-ggv2-3rfv" } ], "fixed_packages": [], "aliases": [ "CVE-2023-44764", "GHSA-j6h5-ggv2-3rfv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afq8-b83x-ckfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355651?format=api", "vulnerability_id": "VCID-bbxq-cdbp-vucg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02044", "scoring_system": "epss", "scoring_elements": "0.84219", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02044", "scoring_system": "epss", "scoring_elements": "0.84274", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02044", "scoring_system": "epss", "scoring_elements": "0.84282", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02044", "scoring_system": "epss", "scoring_elements": "0.84277", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28477" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28477", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28477" }, { "reference_url": "https://github.com/advisories/GHSA-xfmj-r86m-j2hr", "reference_id": "GHSA-xfmj-r86m-j2hr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xfmj-r86m-j2hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28477", "GHSA-xfmj-r86m-j2hr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbxq-cdbp-vucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45535?format=api", "vulnerability_id": "VCID-c2xh-rq7d-wqey", "summary": "Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting. CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40884", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41061", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41072", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4105", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7398" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12183", "reference_id": "12183", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12183" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12184", "reference_id": "12184", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12184" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5", "reference_id": "7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/" } ], "url": "https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes", "reference_id": "8519-release-notes", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes", "reference_id": "934-release-notes", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7398", "reference_id": "CVE-2024-7398", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7398" }, { "reference_url": "https://github.com/advisories/GHSA-x8h2-255q-jg4x", "reference_id": "GHSA-x8h2-255q-jg4x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8h2-255q-jg4x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33394?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4" } ], "aliases": [ "CVE-2024-7398", "GHSA-x8h2-255q-jg4x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2xh-rq7d-wqey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146454?format=api", "vulnerability_id": "VCID-chav-mybs-syd2", "summary": "Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75217", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.7522", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75137", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75207", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48651" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_id": "2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:17:29Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes", "reference_id": "923-release-notes", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:17:29Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48651", "reference_id": "CVE-2023-48651", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48651" }, { "reference_url": "https://github.com/advisories/GHSA-45m2-8q7f-93wv", "reference_id": "GHSA-45m2-8q7f-93wv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-45m2-8q7f-93wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29435?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3" } ], "aliases": [ "CVE-2023-48651", "GHSA-45m2-8q7f-93wv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chav-mybs-syd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355648?format=api", "vulnerability_id": "VCID-cyhv-k8b7-u3dc", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64452", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64554", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64566", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64562", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28472" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11749", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11749" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/tag/8.5.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/releases/tag/8.5.13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28472", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28472" }, { "reference_url": "https://github.com/advisories/GHSA-f55r-8rcv-mqcf", "reference_id": "GHSA-f55r-8rcv-mqcf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f55r-8rcv-mqcf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28472", "GHSA-f55r-8rcv-mqcf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyhv-k8b7-u3dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357423?format=api", "vulnerability_id": "VCID-d263-cpsv-fkeg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.5668", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56801", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56816", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56805", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48652" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48652", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48652" }, { "reference_url": "https://github.com/advisories/GHSA-qp42-5pj7-4ccm", "reference_id": "GHSA-qp42-5pj7-4ccm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qp42-5pj7-4ccm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29435?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3" } ], "aliases": [ "CVE-2023-48652", "GHSA-qp42-5pj7-4ccm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d263-cpsv-fkeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85463?format=api", "vulnerability_id": "VCID-d4bd-m93f-aqf2", "summary": "In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01394", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0139", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01381", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01379", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3242" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826", "reference_id": "12826", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12826" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes", "reference_id": "948-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3242", "reference_id": "CVE-2026-3242", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3242" }, { "reference_url": "https://github.com/advisories/GHSA-w9qg-chfh-g3q9", "reference_id": "GHSA-w9qg-chfh-g3q9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9qg-chfh-g3q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-3242", "GHSA-w9qg-chfh-g3q9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4bd-m93f-aqf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127526?format=api", "vulnerability_id": "VCID-dgf1-ded8-4uef", "summary": "Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \nThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56494", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56617", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56613", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56627", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3153" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3153", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3153" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12511", "reference_id": "12511", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12511" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12512", "reference_id": "12512", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12512" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/tag/8.5.20", "reference_id": "8.5.20", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/tag/8.5.20" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes", "reference_id": "940-release-notes", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes" }, { "reference_url": "https://github.com/advisories/GHSA-cmm4-p9v2-q453", "reference_id": "GHSA-cmm4-p9v2-q453", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmm4-p9v2-q453" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376517?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.0-RC2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC2" }, { "url": "http://public2.vulnerablecode.io/api/packages/791691?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.0RC2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC2" } ], "aliases": [ "CVE-2025-3153", "GHSA-cmm4-p9v2-q453" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgf1-ded8-4uef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92329?format=api", "vulnerability_id": "VCID-dx1t-b982-5ucd", "summary": "Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/ for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49646", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49788", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49801", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49782", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8571" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8571", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8571" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes", "reference_id": "8521-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes", "reference_id": "943-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes" }, { "reference_url": "https://www.concretecms.org/download", "reference_id": "download", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/" } ], "url": "https://www.concretecms.org/download" }, { "reference_url": "https://github.com/advisories/GHSA-4pcg-pjp5-3mc6", "reference_id": "GHSA-4pcg-pjp5-3mc6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pcg-pjp5-3mc6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377524?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3" } ], "aliases": [ "CVE-2025-8571", "GHSA-4pcg-pjp5-3mc6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1t-b982-5ucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47690?format=api", "vulnerability_id": "VCID-eyep-q35n-ebcv", "summary": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 4.6 with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Concrete versions below 9 are not affected by this vulnerability.Thanks fhAnso for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60172", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60283", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60279", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.6029", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4353" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/ff5a2aba7fbc1ff0368202a2c0afddea47136daf", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/ff5a2aba7fbc1ff0368202a2c0afddea47136daf" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12151", "reference_id": "12151", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T18:37:36Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12151" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes", "reference_id": "933-release-notes", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T18:37:36Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4353", "reference_id": "CVE-2024-4353", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4353" }, { "reference_url": "https://github.com/advisories/GHSA-3cpf-jmmc-8jm3", "reference_id": "GHSA-3cpf-jmmc-8jm3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3cpf-jmmc-8jm3" } ], "fixed_packages": [], "aliases": [ "CVE-2024-4353", "GHSA-3cpf-jmmc-8jm3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eyep-q35n-ebcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146191?format=api", "vulnerability_id": "VCID-fvdb-zeth-8qh7", "summary": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73114", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73205", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73191", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73207", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48648" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11677", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11677" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48648", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48648" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release", "reference_id": "2023-11-09-security-blog-about-updated-cves-and-new-release", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes", "reference_id": "8513-release-notes", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes", "reference_id": "922-release-notes", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes" }, { "reference_url": "https://github.com/advisories/GHSA-m87h-jxr6-f82w", "reference_id": "GHSA-m87h-jxr6-f82w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m87h-jxr6-f82w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379110?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2" } ], "aliases": [ "CVE-2023-48648", "GHSA-m87h-jxr6-f82w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvdb-zeth-8qh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66432?format=api", "vulnerability_id": "VCID-g134-5qhy-mudn", "summary": "ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads the entire content of every selected file into PHP memory. An authenticated attacker can exploit this by requesting a bulk download of large files, triggering an Out-Of-Memory (OOM) condition that causes the PHP-FPM process to terminate (SIGSEGV) and the web server to return a 500 error.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1891", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18751", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18934", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18916", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30662" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30662", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30662" }, { "reference_url": "https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS" }, { "reference_url": "https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/", "reference_id": "CVE-Report-ConcreteCMS-DoS", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:49:15Z/" } ], "url": "https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/" }, { "reference_url": "https://github.com/advisories/GHSA-p68c-rmfh-j48h", "reference_id": "GHSA-p68c-rmfh-j48h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p68c-rmfh-j48h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-30662", "GHSA-p68c-rmfh-j48h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g134-5qhy-mudn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163256?format=api", "vulnerability_id": "VCID-g3pw-h46n-fyac", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71578", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71589", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71492", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71591", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43967" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43967", "reference_id": "CVE-2022-43967", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43967" }, { "reference_url": "https://github.com/advisories/GHSA-vq39-q549-g786", "reference_id": "GHSA-vq39-q549-g786", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vq39-q549-g786" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43967", "GHSA-vq39-q549-g786" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pw-h46n-fyac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356847?format=api", "vulnerability_id": "VCID-gg3x-yz6u-nygp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53584", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5371", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53725", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53712", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44761" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44761", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44761" }, { "reference_url": "https://github.com/advisories/GHSA-p4jj-gwpg-9jwh", "reference_id": "GHSA-p4jj-gwpg-9jwh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p4jj-gwpg-9jwh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379110?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2" } ], "aliases": [ "CVE-2023-44761", "GHSA-p4jj-gwpg-9jwh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg3x-yz6u-nygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162954?format=api", "vulnerability_id": "VCID-h56x-jv8r-a3aq", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54553", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54679", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54695", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54678", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43687" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43687", "reference_id": "CVE-2022-43687", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43687" }, { "reference_url": "https://github.com/advisories/GHSA-m53v-5x5x-5m2p", "reference_id": "GHSA-m53v-5x5x-5m2p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m53v-5x5x-5m2p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43687", "GHSA-m53v-5x5x-5m2p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h56x-jv8r-a3aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162912?format=api", "vulnerability_id": "VCID-h67e-b4s5-guac", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.57046", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.57054", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56919", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43690" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43690", "reference_id": "CVE-2022-43690", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43690" }, { "reference_url": "https://github.com/advisories/GHSA-q56r-mw39-944g", "reference_id": "GHSA-q56r-mw39-944g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q56r-mw39-944g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43690", "GHSA-q56r-mw39-944g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h67e-b4s5-guac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45871?format=api", "vulnerability_id": "VCID-hdw7-spv5-k3c6", "summary": "Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, m3dium for reporting. (CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03921", "scoring_system": "epss", "scoring_elements": "0.88575", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03921", "scoring_system": "epss", "scoring_elements": "0.88619", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03921", "scoring_system": "epss", "scoring_elements": "0.88621", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03921", "scoring_system": "epss", "scoring_elements": "0.88614", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7394" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12166", "reference_id": "12166", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12166" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041", "reference_id": "8518-release-notes?pk_vid=e367a434ef4830491723055758d52041", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041", "reference_id": "933-release-notes?pk_vid=e367a434ef4830491723055753d52041", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06", "reference_id": "c08d9671cec4e7afdabb547339c4bc0bed8eab06", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/" } ], "url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7394", "reference_id": "CVE-2024-7394", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7394" }, { "reference_url": "https://github.com/advisories/GHSA-w6j6-w6jx-vf2r", "reference_id": "GHSA-w6j6-w6jx-vf2r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6j6-w6jx-vf2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32957?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3" } ], "aliases": [ "CVE-2024-7394", "GHSA-w6j6-w6jx-vf2r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdw7-spv5-k3c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211514?format=api", "vulnerability_id": "VCID-he4r-v9gv-tkdh", "summary": "Concrete CMS vulnerable to Cross-site Scripting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.59355", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.59352", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.5924", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.59364", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43688" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/10999", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/10999" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43688", "reference_id": "CVE-2022-43688", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43688" }, { "reference_url": "https://github.com/advisories/GHSA-9jc5-9wh5-mc36", "reference_id": "GHSA-9jc5-9wh5-mc36", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9jc5-9wh5-mc36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43688", "GHSA-9jc5-9wh5-mc36" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he4r-v9gv-tkdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34796?format=api", "vulnerability_id": "VCID-htqe-191f-1yab", "summary": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57049", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57175", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57168", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57182", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8291" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12183", "reference_id": "12183", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12183" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes", "reference_id": "8519-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes", "reference_id": "934-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8291", "reference_id": "CVE-2024-8291", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8291" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065", "reference_id": "dbce253166f6b10ff3e0c09e50fd395370b8b065", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/" } ], "url": "https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065" }, { "reference_url": "https://github.com/advisories/GHSA-q7qr-22qw-pqgx", "reference_id": "GHSA-q7qr-22qw-pqgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7qr-22qw-pqgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33394?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4" } ], "aliases": [ "CVE-2024-8291", "GHSA-q7qr-22qw-pqgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htqe-191f-1yab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211547?format=api", "vulnerability_id": "VCID-j9t7-y29v-6bb7", "summary": "Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks", "references": [ { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46464", "reference_id": "CVE-2022-46464", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46464" }, { "reference_url": "https://github.com/advisories/GHSA-7vx2-5349-qj99", "reference_id": "GHSA-7vx2-5349-qj99", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vx2-5349-qj99" } ], "fixed_packages": [], "aliases": [ "CVE-2022-46464", "GHSA-7vx2-5349-qj99" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9t7-y29v-6bb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134512?format=api", "vulnerability_id": "VCID-m9p2-uh8x-zuh8", "summary": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.83763", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.83826", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.83829", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01927", "scoring_system": "epss", "scoring_elements": "0.8382", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28474" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28474", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28474" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_id": "2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates" }, { "reference_url": "https://concretecms.com", "reference_id": "concretecms.com", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/" } ], "url": "https://concretecms.com" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20", "reference_id": "concrete-cms-security-advisory-2023-04-20", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20" }, { "reference_url": "https://github.com/advisories/GHSA-2j26-j953-2rph", "reference_id": "GHSA-2j26-j953-2rph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j26-j953-2rph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28474", "GHSA-2j26-j953-2rph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9p2-uh8x-zuh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163150?format=api", "vulnerability_id": "VCID-mjce-crza-h7d4", "summary": "Concrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the box\" core OAuth.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.629", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.63009", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.63014", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.63002", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43693" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43693", "reference_id": "CVE-2022-43693", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43693" }, { "reference_url": "https://github.com/advisories/GHSA-w8fp-3gwq-gxpw", "reference_id": "GHSA-w8fp-3gwq-gxpw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8fp-3gwq-gxpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43693", "GHSA-w8fp-3gwq-gxpw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjce-crza-h7d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131448?format=api", "vulnerability_id": "VCID-n6yd-31cx-zqh2", "summary": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44812", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44645", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44796", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.448", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44762" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44762", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44762" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags", "reference_id": "ConcreteCMS-Reflected-XSS---Tags", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T16:28:16Z/" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags" }, { "reference_url": "https://github.com/advisories/GHSA-6fm3-r6mf-j875", "reference_id": "GHSA-6fm3-r6mf-j875", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fm3-r6mf-j875" } ], "fixed_packages": [], "aliases": [ "CVE-2023-44762", "GHSA-6fm3-r6mf-j875" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6yd-31cx-zqh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85790?format=api", "vulnerability_id": "VCID-nahk-p3f1-8bee", "summary": "In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the \"Legacy Form\" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question (Checkbox List, Radio Buttons, or Select Box). This payload is then executed in the browser of any user who views the page containing the form. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01237", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01233", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01227", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0123", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3241" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826", "reference_id": "12826", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12826" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes", "reference_id": "948-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3241", "reference_id": "CVE-2026-3241", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3241" }, { "reference_url": "https://github.com/advisories/GHSA-f4vq-pj32-gr4q", "reference_id": "GHSA-f4vq-pj32-gr4q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4vq-pj32-gr4q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-3241", "GHSA-f4vq-pj32-gr4q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nahk-p3f1-8bee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34088?format=api", "vulnerability_id": "VCID-nuz6-12nr-2yga", "summary": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in the \"Next&Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Since the \"Next&Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.68027", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.68124", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.68128", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.68115", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8661" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12204", "reference_id": "12204", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12204" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes", "reference_id": "8519-release-notes", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes", "reference_id": "934-release-notes", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4", "reference_id": "ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/" } ], "url": "https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8661", "reference_id": "CVE-2024-8661", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8661" }, { "reference_url": "https://github.com/advisories/GHSA-xmxj-v2q8-8qx6", "reference_id": "GHSA-xmxj-v2q8-8qx6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmxj-v2q8-8qx6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33394?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4" } ], "aliases": [ "CVE-2024-8661", "GHSA-xmxj-v2q8-8qx6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nuz6-12nr-2yga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163229?format=api", "vulnerability_id": "VCID-pbwe-39av-sydg", "summary": "In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.7443", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74514", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74516", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74503", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43686" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43686", "reference_id": "CVE-2022-43686", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43686" }, { "reference_url": "https://github.com/advisories/GHSA-3cxx-3f53-m92c", "reference_id": "GHSA-3cxx-3f53-m92c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3cxx-3f53-m92c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43686", "GHSA-3cxx-3f53-m92c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbwe-39av-sydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54443?format=api", "vulnerability_id": "VCID-pd9w-6ke4-13hr", "summary": "Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08195", "scoring_system": "epss", "scoring_elements": "0.92392", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.08195", "scoring_system": "epss", "scoring_elements": "0.92421", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.08195", "scoring_system": "epss", "scoring_elements": "0.92422", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.08195", "scoring_system": "epss", "scoring_elements": "0.92419", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1247" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "reference_id": "2024-02-04-security-advisory", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:30:29Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "reference_id": "925-release-notes", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:30:29Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1247", "reference_id": "CVE-2024-1247", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1247" }, { "reference_url": "https://github.com/advisories/GHSA-q25h-jch8-gfrp", "reference_id": "GHSA-q25h-jch8-gfrp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q25h-jch8-gfrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28873?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5" } ], "aliases": [ "CVE-2024-1247", "GHSA-q25h-jch8-gfrp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd9w-6ke4-13hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34515?format=api", "vulnerability_id": "VCID-pgfy-52ca-wbbf", "summary": "Concrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\nSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54673", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54798", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54814", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54797", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8660" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/f5a01c88fb2630db96e58dcd7f52ea41e516d4e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/f5a01c88fb2630db96e58dcd7f52ea41e516d4e9" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12128", "reference_id": "12128", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T14:26:10Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12128" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes", "reference_id": "934-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T14:26:10Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8660", "reference_id": "CVE-2024-8660", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8660" }, { "reference_url": "https://github.com/advisories/GHSA-998c-q8hh-h8gv", "reference_id": "GHSA-998c-q8hh-h8gv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-998c-q8hh-h8gv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32957?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3" } ], "aliases": [ "CVE-2024-8660", "GHSA-998c-q8hh-h8gv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgfy-52ca-wbbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163358?format=api", "vulnerability_id": "VCID-pt73-zjft-syhk", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71578", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71589", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71492", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71591", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43968" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43968", "reference_id": "CVE-2022-43968", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43968" }, { "reference_url": "https://github.com/advisories/GHSA-8782-xgh5-r7mv", "reference_id": "GHSA-8782-xgh5-r7mv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8782-xgh5-r7mv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43968", "GHSA-8782-xgh5-r7mv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pt73-zjft-syhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85949?format=api", "vulnerability_id": "VCID-qndd-2vmq-guen", "summary": "In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01379", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01394", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01381", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0139", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3240" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826", "reference_id": "12826", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12826" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes", "reference_id": "948-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3240", "reference_id": "CVE-2026-3240", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3240" }, { "reference_url": "https://github.com/advisories/GHSA-45fj-fvmm-xcc5", "reference_id": "GHSA-45fj-fvmm-xcc5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-45fj-fvmm-xcc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-3240", "GHSA-45fj-fvmm-xcc5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qndd-2vmq-guen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64702?format=api", "vulnerability_id": "VCID-rgjf-p329-vbf8", "summary": "Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28128", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28142", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28153", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2793", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3179" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11988", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11988" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11989", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11989" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_id": "8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA." }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_id": "928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA." }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3179", "reference_id": "CVE-2024-3179", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3179" }, { "reference_url": "https://github.com/advisories/GHSA-r7q4-cw9r-vhp4", "reference_id": "GHSA-r7q4-cw9r-vhp4", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7q4-cw9r-vhp4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30163?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8" } ], "aliases": [ "CVE-2024-3179", "GHSA-r7q4-cw9r-vhp4" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgjf-p329-vbf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85813?format=api", "vulnerability_id": "VCID-rkx3-e4r3-c3gh", "summary": "Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to unserialize() without class restrictions or integrity checks. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.9 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. Thanks YJK ( @YJK0805 https://hackerone.com/yjk0805 ) of ZUSO ART https://zuso.ai/ for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.51008", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.51142", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.51139", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.51154", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3452" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://", "reference_id": "167f16e4805d8ab546d2997c753ac21bf4854920:", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes", "reference_id": "948-release-notes", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3452", "reference_id": "CVE-2026-3452", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3452" }, { "reference_url": "https://github.com/advisories/GHSA-gj26-w59c-29mf", "reference_id": "GHSA-gj26-w59c-29mf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj26-w59c-29mf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-3452", "GHSA-gj26-w59c-29mf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx3-e4r3-c3gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356846?format=api", "vulnerability_id": "VCID-tgvt-rgwm-d7de", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46352", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46497", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46494", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44760" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes" }, { "reference_url": "https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44760", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44760" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766" }, { "reference_url": "https://github.com/advisories/GHSA-4qv6-37xq-mgq2", "reference_id": "GHSA-4qv6-37xq-mgq2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qv6-37xq-mgq2" } ], "fixed_packages": [], "aliases": [ "CVE-2023-44760", "GHSA-4qv6-37xq-mgq2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgvt-rgwm-d7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/126308?format=api", "vulnerability_id": "VCID-tt5n-k5h8-xufp", "summary": "", "references": [ { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2967", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2967" }, { "reference_url": "https://vuldb.com/?ctiid.302019", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?ctiid.302019" }, { "reference_url": "https://vuldb.com/?id.302019", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?id.302019" }, { "reference_url": "https://vuldb.com/?submit.522417", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?submit.522417" }, { "reference_url": "https://github.com/advisories/GHSA-xfqf-5rhg-5c73", "reference_id": "GHSA-xfqf-5rhg-5c73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xfqf-5rhg-5c73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/785786?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.0RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1" } ], "aliases": [ "CVE-2025-2967", "GHSA-xfqf-5rhg-5c73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tt5n-k5h8-xufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146384?format=api", "vulnerability_id": "VCID-ty11-5ff4-s7av", "summary": "Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75217", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.7522", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75137", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75207", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48653" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_id": "2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes", "reference_id": "923-release-notes", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48653", "reference_id": "CVE-2023-48653", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48653" }, { "reference_url": "https://github.com/advisories/GHSA-3rxx-8f33-7p6p", "reference_id": "GHSA-3rxx-8f33-7p6p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rxx-8f33-7p6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29435?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3" } ], "aliases": [ "CVE-2023-48653", "GHSA-3rxx-8f33-7p6p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ty11-5ff4-s7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146354?format=api", "vulnerability_id": "VCID-tzyh-y7uc-hff9", "summary": "Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01073", "scoring_system": "epss", "scoring_elements": "0.78255", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01073", "scoring_system": "epss", "scoring_elements": "0.78259", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01073", "scoring_system": "epss", "scoring_elements": "0.78177", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01073", "scoring_system": "epss", "scoring_elements": "0.78245", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48650" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_id": "2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes", "reference_id": "923-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48650", "reference_id": "CVE-2023-48650", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48650" }, { "reference_url": "https://github.com/advisories/GHSA-x577-gcc9-9xjj", "reference_id": "GHSA-x577-gcc9-9xjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x577-gcc9-9xjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29435?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3" } ], "aliases": [ "CVE-2023-48650", "GHSA-x577-gcc9-9xjj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzyh-y7uc-hff9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85311?format=api", "vulnerability_id": "VCID-v39f-kpce-2qhz", "summary": "In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page names that executes when users search for and view those pages in search results. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks zolpak for reporting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01381", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01394", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01379", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0139", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3244" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826", "reference_id": "12826", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12826" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes", "reference_id": "948-release-notes", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3244", "reference_id": "CVE-2026-3244", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3244" }, { "reference_url": "https://github.com/advisories/GHSA-mm5f-5rqw-574f", "reference_id": "GHSA-mm5f-5rqw-574f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mm5f-5rqw-574f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-3244", "GHSA-mm5f-5rqw-574f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v39f-kpce-2qhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356851?format=api", "vulnerability_id": "VCID-vbae-fwnr-zff5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40606", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40773", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40797", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40784", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44766" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44766", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44766" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766" }, { "reference_url": "https://github.com/advisories/GHSA-437p-jfm4-2387", "reference_id": "GHSA-437p-jfm4-2387", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-437p-jfm4-2387" } ], "fixed_packages": [], "aliases": [ "CVE-2023-44766", "GHSA-437p-jfm4-2387" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbae-fwnr-zff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84946?format=api", "vulnerability_id": "VCID-vdtu-qtuw-v3fs", "summary": "Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group_id parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks z3rco for reporting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01454", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01471", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01456", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01463", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2994" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12826", "reference_id": "12826", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12826" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes", "reference_id": "948-release-notes", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2994", "reference_id": "CVE-2026-2994", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2994" }, { "reference_url": "https://github.com/advisories/GHSA-6mxw-2vhf-42g5", "reference_id": "GHSA-6mxw-2vhf-42g5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mxw-2vhf-42g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40145?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8" } ], "aliases": [ "CVE-2026-2994", "GHSA-6mxw-2vhf-42g5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdtu-qtuw-v3fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53916?format=api", "vulnerability_id": "VCID-w8rd-ssb2-pkgx", "summary": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62662", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62771", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62776", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62764", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1246" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "reference_id": "2024-02-04-security-advisory", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:14:59Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "reference_id": "925-release-notes", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:14:59Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1246", "reference_id": "CVE-2024-1246", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1246" }, { "reference_url": "https://github.com/advisories/GHSA-9v3w-cj7m-qh5g", "reference_id": "GHSA-9v3w-cj7m-qh5g", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9v3w-cj7m-qh5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28873?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5" } ], "aliases": [ "CVE-2024-1246", "GHSA-9v3w-cj7m-qh5g" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8rd-ssb2-pkgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47505?format=api", "vulnerability_id": "VCID-wau6-kvqa-pbgu", "summary": "Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77756", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77831", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77825", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77838", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4350" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/12166", "reference_id": "12166", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/12166" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041", "reference_id": "8518-release-notes?pk_vid=e367a434ef4830491723055758d52041", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041", "reference_id": "933-release-notes?pk_vid=e367a434ef4830491723060415d52041", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06", "reference_id": "c08d9671cec4e7afdabb547339c4bc0bed8eab06", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/" } ], "url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4350", "reference_id": "CVE-2024-4350", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4350" }, { "reference_url": "https://github.com/advisories/GHSA-q5wx-m95r-4cgc", "reference_id": "GHSA-q5wx-m95r-4cgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5wx-m95r-4cgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32957?format=api", "purl": "pkg:composer/concrete5/concrete5@9.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3" } ], "aliases": [ "CVE-2024-4350", "GHSA-q5wx-m95r-4cgc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wau6-kvqa-pbgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146290?format=api", "vulnerability_id": "VCID-wqt4-uc3s-zbdn", "summary": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79877", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79869", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79794", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79859", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48649" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48649", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48649" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11695", "reference_id": "11695", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/11695" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11739", "reference_id": "11739", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/" } ], "url": "https://github.com/concretecms/concretecms/pull/11739" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release", "reference_id": "2023-11-09-security-blog-about-updated-cves-and-new-release", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes", "reference_id": "8513-release-notes", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes", "reference_id": "922-release-notes", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes" }, { "reference_url": "https://github.com/advisories/GHSA-36fr-3wg8-q5v8", "reference_id": "GHSA-36fr-3wg8-q5v8", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36fr-3wg8-q5v8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379110?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2" } ], "aliases": [ "CVE-2023-48649", "GHSA-36fr-3wg8-q5v8" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqt4-uc3s-zbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92809?format=api", "vulnerability_id": "VCID-x48e-w1z4-57ab", "summary": "Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59175", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59178", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59186", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59062", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8573" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/tag/9.4.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/releases/tag/9.4.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8573", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8573" }, { "reference_url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes", "reference_id": "943-release-notes", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T14:08:41Z/" } ], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52428.txt", "reference_id": "CVE-2025-8573", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52428.txt" }, { "reference_url": "https://www.concretecms.org/download", "reference_id": "download", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T14:08:41Z/" } ], "url": "https://www.concretecms.org/download" }, { "reference_url": "https://github.com/advisories/GHSA-c5xf-rmv4-j85h", "reference_id": "GHSA-c5xf-rmv4-j85h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c5xf-rmv4-j85h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377524?format=api", "purl": "pkg:composer/concrete5/concrete5@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3" } ], "aliases": [ "CVE-2025-8573", "GHSA-c5xf-rmv4-j85h" ], "risk_score": 5.4, "exploitability": "2.0", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x48e-w1z4-57ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163065?format=api", "vulnerability_id": "VCID-xfwe-ku14-gfe7", "summary": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75376", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75455", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.7546", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75447", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43694" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/8.5.10", "reference_id": "8.5.10", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes", "reference_id": "8510-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/9.1.3", "reference_id": "9.1.3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/" } ], "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "reference_url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes", "reference_id": "913-release-notes", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/" } ], "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "reference_id": "concrete-cms-security-advisory-2022-10-31", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43694", "reference_id": "CVE-2022-43694", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43694" }, { "reference_url": "https://github.com/advisories/GHSA-jfmc-3975-fv5f", "reference_id": "GHSA-jfmc-3975-fv5f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfmc-3975-fv5f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27858?format=api", "purl": "pkg:composer/concrete5/concrete5@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zw6-abpq-aqee" }, { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-69vg-twmj-jfb2" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-bbxq-cdbp-vucg" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-cyhv-k8b7-u3dc" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-j9t7-y29v-6bb7" }, { "vulnerability": "VCID-m9p2-uh8x-zuh8" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-s6vy-zjm8-n7bc" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" }, { "vulnerability": "VCID-yjan-urxm-g3a4" }, { "vulnerability": "VCID-yu9q-pa9p-huck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3" } ], "aliases": [ "CVE-2022-43694", "GHSA-jfmc-3975-fv5f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfwe-ku14-gfe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133206?format=api", "vulnerability_id": "VCID-yc8g-gqaj-8ycj", "summary": "Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64476", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64464", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64472", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64362", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49337" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f", "reference_id": "07b433799b888c4eb854e052ca58b032ebc6d36f", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:H/S:U/UI:R" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T13:59:44Z/" } ], "url": "https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_id": "2023-12-05-concrete-cms-new-cves-and-cve-updates", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:H/S:U/UI:R" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T13:59:44Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates" }, { "reference_url": "https://hackerone.com/reports/2232594", "reference_id": "2232594", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:H/S:U/UI:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T13:59:44Z/" } ], "url": "https://hackerone.com/reports/2232594" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49337", "reference_id": "CVE-2023-49337", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49337" }, { "reference_url": "https://github.com/advisories/GHSA-9xxv-q6pp-96wq", "reference_id": "GHSA-9xxv-q6pp-96wq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xxv-q6pp-96wq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29435?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-x48e-w1z4-57ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3" } ], "aliases": [ "CVE-2023-49337", "GHSA-9xxv-q6pp-96wq" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8g-gqaj-8ycj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134414?format=api", "vulnerability_id": "VCID-yjan-urxm-g3a4", "summary": "Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73474", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73476", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73461", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73386", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28473" }, { "reference_url": "https://github.com/concretecms/concretecms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms" }, { "reference_url": "https://github.com/concretecms/concretecms/pull/11749", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/pull/11749" }, { "reference_url": "https://github.com/concretecms/concretecms/releases/tag/8.5.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/releases/tag/8.5.13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28473", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28473" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release", "reference_id": "2023-11-09-security-blog-about-updated-cves-and-new-release", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release" }, { "reference_url": "https://concretecms.com", "reference_id": "concretecms.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/" } ], "url": "https://concretecms.com" }, { "reference_url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20", "reference_id": "concrete-cms-security-advisory-2023-04-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/" } ], "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20" }, { "reference_url": "https://github.com/advisories/GHSA-pj76-75cm-3552", "reference_id": "GHSA-pj76-75cm-3552", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj76-75cm-3552" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28473", "GHSA-pj76-75cm-3552" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjan-urxm-g3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355649?format=api", "vulnerability_id": "VCID-yu9q-pa9p-huck", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02087", "scoring_system": "epss", "scoring_elements": "0.84375", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02087", "scoring_system": "epss", "scoring_elements": "0.8443", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02087", "scoring_system": "epss", "scoring_elements": "0.84439", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02087", "scoring_system": "epss", "scoring_elements": "0.84432", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28475" }, { "reference_url": "https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28475", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28475" }, { "reference_url": "https://github.com/advisories/GHSA-vcpr-hm2m-gjjj", "reference_id": "GHSA-vcpr-hm2m-gjjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcpr-hm2m-gjjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379355?format=api", "purl": "pkg:composer/concrete5/concrete5@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a3x-n2fy-eqce" }, { "vulnerability": "VCID-2x2h-cef1-yfee" }, { "vulnerability": "VCID-3514-7uhf-pufd" }, { "vulnerability": "VCID-542x-fkyy-sfcp" }, { "vulnerability": "VCID-7mj3-9jvf-vudw" }, { "vulnerability": "VCID-7whk-wmkw-vuec" }, { "vulnerability": "VCID-8war-c3pp-kuf5" }, { "vulnerability": "VCID-9j62-yk3f-bfgk" }, { "vulnerability": "VCID-9z1s-b811-3ug2" }, { "vulnerability": "VCID-acs4-8efj-jqa5" }, { "vulnerability": "VCID-afq8-b83x-ckfn" }, { "vulnerability": "VCID-c2xh-rq7d-wqey" }, { "vulnerability": "VCID-chav-mybs-syd2" }, { "vulnerability": "VCID-d263-cpsv-fkeg" }, { "vulnerability": "VCID-d4bd-m93f-aqf2" }, { "vulnerability": "VCID-dgf1-ded8-4uef" }, { "vulnerability": "VCID-dx1t-b982-5ucd" }, { "vulnerability": "VCID-eyep-q35n-ebcv" }, { "vulnerability": "VCID-fvdb-zeth-8qh7" }, { "vulnerability": "VCID-g134-5qhy-mudn" }, { "vulnerability": "VCID-gg3x-yz6u-nygp" }, { "vulnerability": "VCID-hdw7-spv5-k3c6" }, { "vulnerability": "VCID-htqe-191f-1yab" }, { "vulnerability": "VCID-n6yd-31cx-zqh2" }, { "vulnerability": "VCID-nahk-p3f1-8bee" }, { "vulnerability": "VCID-nuz6-12nr-2yga" }, { "vulnerability": "VCID-pd9w-6ke4-13hr" }, { "vulnerability": "VCID-pgfy-52ca-wbbf" }, { "vulnerability": "VCID-qndd-2vmq-guen" }, { "vulnerability": "VCID-rgjf-p329-vbf8" }, { "vulnerability": "VCID-rkx3-e4r3-c3gh" }, { "vulnerability": "VCID-tgvt-rgwm-d7de" }, { "vulnerability": "VCID-tt5n-k5h8-xufp" }, { "vulnerability": "VCID-ty11-5ff4-s7av" }, { "vulnerability": "VCID-tzyh-y7uc-hff9" }, { "vulnerability": "VCID-v39f-kpce-2qhz" }, { "vulnerability": "VCID-vbae-fwnr-zff5" }, { "vulnerability": "VCID-vdtu-qtuw-v3fs" }, { "vulnerability": "VCID-w8rd-ssb2-pkgx" }, { "vulnerability": "VCID-wau6-kvqa-pbgu" }, { "vulnerability": "VCID-wqt4-uc3s-zbdn" }, { "vulnerability": "VCID-x48e-w1z4-57ab" }, { "vulnerability": "VCID-yc8g-gqaj-8ycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0" } ], "aliases": [ "CVE-2023-28475", "GHSA-vcpr-hm2m-gjjj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu9q-pa9p-huck" } ], "fixing_vulnerabilities": [], "risk_score": "5.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.1" }