{"url":"http://public2.vulnerablecode.io/api/packages/518431?format=json","purl":"pkg:composer/concrete5/concrete5@8.0.2","type":"composer","namespace":"concrete5","name":"concrete5","version":"8.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.4.0-RC1","latest_non_vulnerable_version":"9.4.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355650?format=json","vulnerability_id":"VCID-1zw6-abpq-aqee","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28476","reference_id":"","reference_type":"","scores":[{"value":"0.01758","scoring_system":"epss","scoring_elements":"0.83005","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28476"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28476","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28476"},{"reference_url":"https://github.com/advisories/GHSA-2ggc-552c-rmqr","reference_id":"GHSA-2ggc-552c-rmqr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2ggc-552c-rmqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnera
bility":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28476","GHSA-2ggc-552c-rmqr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zw6-abpq-aqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6413
4?format=json","vulnerability_id":"VCID-2a3x-n2fy-eqce","summary":"Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3180","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3180"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https:
//github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3180","reference_id":"
CVE-2024-3180","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3180"},{"reference_url":"https://github.com/advisories/GHSA-9qhc-pg6j-wf23","reference_id":"GHSA-9qhc-pg6j-wf23","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qhc-pg6j-wf23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30162?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-
hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3180","GHSA-9qhc-pg6j-wf23"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a3x-n2fy-eqce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355682?format=json","vulnerability_id":"VCID-2fk1-gqz6-kbcy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28819","reference_id":"","reference_type":"","scores":[{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84047","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28819"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://nvd.nist.gov/v
uln/detail/CVE-2023-28819","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28819"},{"reference_url":"https://github.com/advisories/GHSA-474f-mcjv-pgrm","reference_id":"GHSA-474f-mcjv-pgrm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-474f-mcjv-pgrm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379545?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerabilit
y":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28819","GHSA-474f-mcjv-pgrm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fk1-gqz6-kbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64296?format=json","vulnerability_id":"VCID-3514-7uhf-pufd","summary":"Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. 
All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3178","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3178"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11988","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11988"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11989","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11989"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:
L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3178","reference_id":"CVE-2024-3178","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3178"},{"reference_url":"https://github.com/advisories/GHSA-xwrh-qxmc-x8c8","reference_id":"GHSA-xwrh-qxmc-x8c8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwrh-qxmc-x8c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30162?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://p
ublic2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3178","GHSA-xwrh-qxmc-x8c8"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3514-7uhf-pufd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208121?format=json","vulnerability_id":"VCID-45c5-bada-byca","summary":"Cross Site Request Forgery in 
concrete5/concrete5","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22954","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35164","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22954"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22954","reference_id":"CVE-2021-22954","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22954"},{"reference_url":"https://github.com/advisories/GHSA-gr23-g276-xc73","reference_id":"GHSA-gr23-g276-xc73","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gr23-g276-xc73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19309?format=json","purl":"pkg:composer/concrete5/concrete5@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnera
bility":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnera
bility":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.0.0"}],"aliases":["CVE-2021-22954","GHSA-gr23-g276-xc73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45c5-bada-byca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163147?format=json","vulnerability_id":"VCID-4h16-ay16-qkcs","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43695","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67284","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43695"},{"reference_url":"https://github.com/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43695","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43695"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","refere
nce_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"h
ttps://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-8699-h45g-7hm8","reference_id":"GHSA-8699-h45g-7hm8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8699-h45g-7hm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerabi
lity":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":
"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43695","GHSA-8699-h45g-7hm8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4h16-ay16-qkcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63186?format=json","vulnerability_id":"VCID-542x-fkyy-sfcp","summary":"Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. 
A rogue administrator could inject malicious JavaScript into the Calendar Color Settings screen, which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N (calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).\n\nThank you Rikuto Tauchi for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2753","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48202","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2753"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://documentation.concretecms.org/develo
pers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url
":"https://nvd.nist.gov/vuln/detail/CVE-2024-2753","reference_id":"CVE-2024-2753","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2753"},{"reference_url":"https://github.com/advisories/GHSA-pj42-r64f-4xfq","reference_id":"GHSA-pj42-r64f-4xfq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj42-r64f-4xfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30162?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebc
v"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-2753","GHSA-pj42-r64f-4xfq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-542x-fkyy-sfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163073?format=json","vulnerability_id":"VCID-56qq-9y15-nkb7","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43692","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71492","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43692"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb"},{"reference_url":"https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037"},{"reference_url":"https://github.com/concretecms/concretecms/pull/10996","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/10996"},{"reference_ur
l":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":
"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43692","reference_id":"CVE-2022-43692","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43692"},{"reference_url":"https://github.com/advisories/GHSA-rg6w-c352-p8pg","reference_id":"GHSA-rg6w-c352-p8pg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg6w-c352-p8pg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-
c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-v
udw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43692","GHSA-rg6w-c352-p8pg"],"risk_score":3.1,"exploitability":"0.5","w
eighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56qq-9y15-nkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162870?format=json","vulnerability_id":"VCID-683x-bjfm-j3hh","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43689","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52667","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43689"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:
Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43689","reference_id":"CVE-2022-43689","reference_type":"","score
s":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43689"},{"reference_url":"https://github.com/advisories/GHSA-q48r-xg9h-78m8","reference_id":"GHSA-q48r-xg9h-78m8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q48r-xg9h-78m8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulne
rability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27878?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerabili
ty":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.2"}],"aliases":["CVE-2022-43689","GHSA-q48r-xg9h-78m8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-683x-bjfm-j3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134496?format=json","vulnerability_id":"VCID-69vg-twmj-jfb2","summary":"Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container 
name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28471","reference_id":"","reference_type":"","scores":[{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83763","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28471"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28471","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28471"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://concretecms.com","reference_id":"concretecms.com","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":
"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-9h33-5fxw-r2xv","reference_id":"GHSA-9h33-5fxw-r2xv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9h33-5fxw-r2xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-
spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28471","GHSA-9h33-5fxw-r2xv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69vg-twmj-jfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163154?format=json","vulnerability_id":"VCID-71ae-y44g-kbbw","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. 
Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43556","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83431","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43556"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/
B:A/M:M/D:T/2025-04-24T13:59:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43556","reference_id":"CVE-2022-43556","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43556"},{"reference_url":"https://github.com/advisories/GHSA-xj33-8r43-r227","reference_id":"GHSA-xj33-8r43-r227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj33-8r43-r227"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulner
ability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerabilit
y":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43556","GHSA
-xj33-8r43-r227"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71ae-y44g-kbbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/120419?format=json","vulnerability_id":"VCID-7mj3-9jvf-vudw","summary":"Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0660","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43779","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0660"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0660","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0660"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12454","reference_id":"12454","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/A
C:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12454"},{"reference_url":"https://github.com/concretecms/bedrock/pull/370","reference_id":"370","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://github.com/concretecms/bedrock/pull/370"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes","reference_id":"940-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"},{"reference_url":"https://github.com/advisories/GHSA-pvmx-mjmh-jfcx","reference_id":"GHSA-pvmx-mjmh-jfcx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pvmx-mjmh-jfcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/785786?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerabilit
y":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/377800?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC1"}],"aliases":["CVE-2025-0660","GHSA-pvmx-mjmh-jfcx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mj3-9jvf-vudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356848?format=json","vulnerability_id":"VCID-7whk-wmkw-vuec","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50709","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44763"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Arbitrary-fil
e-upload-Thumbnail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44763"},{"reference_url":"https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763"},{"reference_url":"https://github.com/advisories/GHSA-wrp2-6v6j-hfmg","reference_id":"GHSA-wrp2-6v6j-hfmg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wrp2-6v6j-hfmg"}],"fixed_packages":[],"aliases":["CVE-2023-44763","GHSA-wrp2-6v6j-hfmg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7whk-wmkw-vuec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63538?format=json","vulnerab
ility_id":"VCID-8war-c3pp-kuf5","summary":"Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N  Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2179","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3095","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2179"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes","reference_id":"927-release-notes","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U
/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:22:19Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2179","reference_id":"CVE-2024-2179","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2179"},{"reference_url":"https://github.com/advisories/GHSA-4m7h-34xm-4wjv","reference_id":"GHSA-4m7h-34xm-4wjv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4m7h-34xm-4wjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29537?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"
VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.7"}],"aliases":["CVE-2024-2179","GHSA-4m7h-34xm-4wjv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8war-c3pp-kuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210371?format=json","vulnerability_id":"VCID-8zjc-zm76-27dr","summary":"Concrete CMS Cross-site Scripting via Survey Blocks","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28145","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41522","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28145"},{"reference_url":"https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes"},{"reference_url":"https://www.concrete5.org/developers/security","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concrete5.org/developers/security"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28145","reference_id":"CVE-2021-28145","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"
MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28145"},{"reference_url":"https://github.com/S1lkys/CVE-2021-40101","reference_id":"CVE-2021-40101","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/S1lkys/CVE-2021-40101"},{"reference_url":"https://github.com/advisories/GHSA-7388-7vq2-m4f4","reference_id":"GHSA-7388-7vq2-m4f4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7388-7vq2-m4f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23235?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-45c5-bada-byca"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerabi
lity":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.5"}],"aliases":["CVE-2021-28145","GHSA-7388-7vq2-m4f4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zjc-zm76-27dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64388?format=json","vulnerability_id":"VCID-9j62-yk3f-bfgk","summary":"Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. 
Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3181","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3181"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/ver
sion-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3181","reference_id":"CVE-2024-3181","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW",
"scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3181"},{"reference_url":"https://github.com/advisories/GHSA-qgm9-rxmq-jxmq","reference_id":"GHSA-qgm9-rxmq-jxmq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgm9-rxmq-jxmq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30162?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-
wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3181","GHSA-qgm9-rxmq-jxmq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j62-yk3f-bfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162962?format=json","vulnerability_id":"VCID-9kyu-9sz6-1bea","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43691","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43743","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43691"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"S
SVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31",
"reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43691","reference_id":"CVE-2022-43691","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43691"},{"reference_url":"https://github.com/advisories/GHSA-q3hq-hm5h-qrx3","reference_id":"GHSA-q3hq-hm5h-qrx3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3hq-hm5h-qrx3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4ue
f"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"
vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43691","GHSA-q3hq-hm5h-qrx3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kyu-9sz6-1bea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356850?format=json","vulnerability_id":"VCID-acs4-8efj-jqa5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44765","reference_id":"","reference_type":
"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44765"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations","reference_id":"","reference_type":"","scores":[{"value":"5.4
","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44765","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44765"},{"reference_url":"https://github.com/advisories/GHSA-6xx7-r8x4-fpjp","reference_id":"GHSA-6xx7-r8x4-fpjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6xx7-r8x4-fpjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379110?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"
},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-44765","GHSA-6xx7-r8x4-fpjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-acs4-8efj-jqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356849?format=json","vulnerability_id":"VCID-afq8-b83x-ckfn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44764","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43982","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44764"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44764","reference_id":"","reference_type":"","scores":[{"value":"5.4","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44764"},{"reference_url":"https://github.com/advisories/GHSA-j6h5-ggv2-3rfv","reference_id":"GHSA-j6h5-ggv2-3rfv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j6h5-ggv2-3rfv"}],"fixed_packages":[],"aliases":["CVE-2023-44764","GHSA-j6h5-ggv2-3rfv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afq8-b83x-ckfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355651?format=json","vulnerability_id":"VCID-bbxq-cdbp-vucg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28477","reference_id":"","reference_type":"","scores":[{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84219","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28477"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28477","reference_id":"","reference_type":"","
scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28477"},{"reference_url":"https://github.com/advisories/GHSA-xfmj-r86m-j2hr","reference_id":"GHSA-xfmj-r86m-j2hr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xfmj-r86m-j2hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7
av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28477","GHSA-xfmj-r86m-j2hr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbxq-cdbp-vucg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45535?format=json","vulnerability_id":"VCID-c2xh-rq7d-wqey","summary":"Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting. 
(CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7398","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40884","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7398"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12183","reference_id":"12183","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12183"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12184","reference_id":"12184","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""
},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12184"},{"reference_url":"https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5","reference_id":"7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes","reference_id":"8519-release-notes","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes","reference_id":"934-release-notes","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"C
VSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7398","reference_id":"CVE-2024-7398","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7398"},{"reference_url":"https://github.com/advisories/GHSA-x8h2-255q-jg4x","reference_id":"GHSA-x8h2-255q-jg4x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8h2-255q-jg4x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33393?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/33394?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.4","is
_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4"}],"aliases":["CVE-2024-7398","GHSA-x8h2-255q-jg4x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2xh-rq7d-wqey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355648?format=json","vulnerability_id":"VCID-cyhv-k8b7-u3dc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28472","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64452","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28472"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"
},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28472","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28472"},{"reference_url":"https://github.com/advisories/GHSA-f55r-8rcv-mqcf","reference_id":"GHSA-f55r-8rcv-mqcf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f55r-8rcv-mqcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability"
:"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28472","GHSA-f55r-8rcv-mqcf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyhv-k8b7-u3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357423?format=json","vulnerability_id":"VCID-d263-cpsv-fkeg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48652","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5668","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48652"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.go
v/vuln/detail/CVE-2023-48652","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48652"},{"reference_url":"https://github.com/advisories/GHSA-qp42-5pj7-4ccm","reference_id":"GHSA-qp42-5pj7-4ccm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qp42-5pj7-4ccm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29435?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48652
","GHSA-qp42-5pj7-4ccm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d263-cpsv-fkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85463?format=json","vulnerability_id":"VCID-d4bd-m93f-aqf2","summary":"In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block.  The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N.  Thanks M3dium for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3242","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3242"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/"}],"url":"https://github.com/concretecms/concre
tecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3242","reference_id":"CVE-2026-3242","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3242"},{"reference_url":"https://github.com/advisories/GHSA-w9qg-chfh-g3q9","reference_id":"GHSA-w9qg-chfh-g3q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9qg-chfh-g3q9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3242","GHSA-w9qg-chfh-g3q9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4b
d-m93f-aqf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127526?format=json","vulnerability_id":"VCID-dgf1-ded8-4uef","summary":"Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.  Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \nThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. 
The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1  with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3153","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56494","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3153"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3153","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3153"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12511","reference_id":"12511","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic
_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12511"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12512","reference_id":"12512","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12512"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.20","reference_id":"8.5.20","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.20"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes","reference_id":"940-release-notes","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N
/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"},{"reference_url":"https://github.com/advisories/GHSA-cmm4-p9v2-q453","reference_id":"GHSA-cmm4-p9v2-q453","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cmm4-p9v2-q453"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376518?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/376517?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0-RC2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC2"},{"url":"http://public2.vulnerablecode.io/api/packages/791691?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulner
ability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC2"}],"aliases":["CVE-2025-3153","GHSA-cmm4-p9v2-q453"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgf1-ded8-4uef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92329?format=json","vulnerability_id":"VCID-dx1t-b982-5ucd","summary":"Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. 
Thanks  Fortbridge https://fortbridge.co.uk/  for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8571","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49646","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8571"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8571","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"va
lue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8571"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes","reference_id":"8521-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes","reference_id":"943-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"},{"reference_url":"https://www.concretecms.org/download","reference_id":"download","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://www.concretecms.org/download"},{"reference_url":"https://github.com/advisories/GHSA-4pcg-pjp5-3mc6","reference_id":"GHSA-4pcg-pjp5-3mc6","reference_type":"","scores":[],"url":"https:/
/github.com/advisories/GHSA-4pcg-pjp5-3mc6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377523?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.21"},{"url":"http://public2.vulnerablecode.io/api/packages/377524?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3"}],"aliases":["CVE-2025-8571","GHSA-4pcg-pjp5-3mc6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1t-b982-5ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134002?format=json","vulnerability_id":"VCID-e9xf-aufp-7ffa","summary":"Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password 
resets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28821","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51216","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28821"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28821","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28821"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-ph6g-6v8w-8p6m","reference_id":"GHSA-ph6g-6v8w-8p6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ph6g-6v8w-8p6m"},{"reference_url":"https://github.com/concretecms/concretecms/releases","reference_id":"releases","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"MODERATE","scoring_system":"generi
c_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/"}],"url":"https://github.com/concretecms/concretecms/releases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379545?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31c
x-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28821","GHSA-ph6g-6v8w-8p6m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9xf-aufp-7ffa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208059?format=json","vulnerability_id":"VCID-futp-6pvs-4qdx","summary":"Unrestricted Uploads in 
Concrete5","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14961","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14961"},{"reference_url":"https://github.com/concrete5/concrete5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5"},{"reference_url":"https://github.com/concrete5/concrete5/pull/8651","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/pull/8651"},{"reference_url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14961","reference_id":"CVE-2020-14961","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14961"},{"reference_url":"https://github.com/advisories/GHSA-g4gm-pxh3-29fq","reference_id":"GHSA-g4gm-pxh3-29fq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":
"https://github.com/advisories/GHSA-g4gm-pxh3-29fq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19241?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-45c5-bada-byca"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-8zjc-zm76-27dr"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sy
dg"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qf6d-mgrs-nqb2"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.3"}],"aliases":["CVE-2020-14961","GHSA-g4gm-pxh3-29fq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-futp-6pvs-4qdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146191?format=json","vulnerability_id":"VCID-fvdb-zeth-8qh7","summary":"Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. 
Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48648","reference_id":"","reference_type":"","scores":[{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73114","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48648"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307"},{"reference_url":"https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11677","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11677"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48648","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48648"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-update
d-cves-and-new-release","reference_id":"2023-11-09-security-blog-about-updated-cves-and-new-release","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes","reference_id":"8513-release-notes","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes","reference_id":"922-release-notes","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes"},{"reference_url":"https://github.com/advisories/GHSA-m87h-jxr6-f82w","reference_id":"GHSA-m87h-jxr6-f82w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m87h-jxr6-f82w"}],"fixed_packages":[{"url":"http://public2.vulne
rablecode.io/api/packages/381042?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/379110?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"
VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-48648","GHSA-m87h-jxr6-f82w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvdb-zeth-8qh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66432?format=json","vulnerability_id":"VCID-g134-5qhy-mudn","summary":"ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads the entire content of every selected file into PHP memory. 
An authenticated attacker can exploit this by requesting a bulk download of large files, triggering an Out-Of-Memory (OOM) condition that causes the PHP-FPM process to terminate (SIGSEGV) and the web server to return a 500 error.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30662","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18751","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30662"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30662","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30662"},{"reference_url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS"},{"reference_url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/","reference_id":"CVE-Report-ConcreteCMS-DoS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M
/B:A/M:M/D:T/2026-03-24T18:49:15Z/"}],"url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/"},{"reference_url":"https://github.com/advisories/GHSA-p68c-rmfh-j48h","reference_id":"GHSA-p68c-rmfh-j48h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p68c-rmfh-j48h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-30662","GHSA-p68c-rmfh-j48h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g134-5qhy-mudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163256?format=json","vulnerability_id":"VCID-g3pw-h46n-fyac","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43967","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71492","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43967"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43967","reference_id":"CVE-2022-43967","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43967"},{"reference_url":"https://github.com/advisories/GHSA-vq39-q549-g786","referenc
e_id":"GHSA-vq39-q549-g786","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vq39-q549-g786"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability
":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCI
D-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43967","GHSA-vq39-q549-g786"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pw-h46n-fyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356847?format=json","vulnerability_id":"VCID-gg3x-yz6u-nygp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44761","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44761"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCM
S-Stored-XSS---Forms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44761","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44761"},{"reference_url":"https://github.com/advisories/GHSA-p4jj-gwpg-9jwh","reference_id":"GHSA-p4jj-gwpg-9jwh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p4jj-gwpg-9jwh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379110?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8r
d-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-44761","GHSA-p4jj-gwpg-9jwh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg3x-yz6u-nygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162954?format=json","vulnerability_id":"VCID-h56x-jv8r-a3aq","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43687","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54553","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43687"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/d
evelopers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generi
c_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43687","reference_id":"CVE-2022-43687","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43687"},{"reference_url":"https://github.com/advisories/GHSA-m53v-5x5x-5m2p","reference_id":"GHSA-m53v-5x5x-5m2p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m53v-5x5x-5m2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VC
ID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1
t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43687","GHSA-m53v-5x5x-5m2p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h56x-jv8r-a3aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162912?format=json","vulnerability_id":"VCID-h67e-b4s5-guac","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43690","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56919","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43690"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c"},{"reference_url":"https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2
/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","refe
rence_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43690","reference_id":"CVE-2022-43690","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43690"},{"reference_url":"https://github.com/advisories/GHSA-q56r-mw39-944g","reference_id":"GHSA-q56r-mw39-944g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q56r-mw39-944g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{
"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulne
rability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43690","GHSA-q56r-mw39-944g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h67e-b4s5-guac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209423?format=json","vulnerability_id":"VCID-hchd-9yu9-kbgq","summary":"Concrete CMS vulnerable to cross-site scripting 
(XSS)","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7725","reference_id":"","reference_type":"","scores":[{"value":"0.0362","scoring_system":"epss","scoring_elements":"0.88068","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7725"},{"reference_url":"https://hackerone.com/reports/148300","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/148300"},{"reference_url":"https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html"},{"reference_url":"https://web.archive.org/web/20210124030008/https://www.securityfocus.com/bid/97649","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124030008/https://www.securityfocus.com/bid/97649"},{"reference_url":"https://web.archive.
org/web/20210124030008/https://www.securityfocus.com/bid/97649/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210124030008/https://www.securityfocus.com/bid/97649/"},{"reference_url":"https://www.exploit-db.com/exploits/41885","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41885"},{"reference_url":"https://www.exploit-db.com/exploits/41885/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41885/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41885.txt","reference_id":"CVE-2017-7725","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41885.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7725","reference_id":"CVE-2017-7725","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7725"},{"reference_url":"https://github.com/advisories/GHSA-2mvg-c6mg-3q63","reference_id":"GHSA-2mvg-c6mg-3q63","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mvg-c6mg-3q63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518433?format=json","purl":"pkg:composer/concrete5/concrete5@8.2.0RC2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vul
nerability":"VCID-45c5-bada-byca"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-8zjc-zm76-27dr"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-futp-6pvs-4qdx"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qf6d-mgrs-nqb2"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vul
nerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"},{"vulnerability":"VCID-zwzp-pzqf-9bd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.2.0RC2"}],"aliases":["CVE-2017-7725","GHSA-2mvg-c6mg-3q63"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hchd-9yu9-kbgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45871?format=json","vulnerability_id":"VCID-hdw7-spv5-k3c6","summary":"Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName().  A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6  with vector   https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, m3dium for reporting.  
(CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7394","reference_id":"","reference_type":"","scores":[{"value":"0.03921","scoring_system":"epss","scoring_elements":"0.88575","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7394"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12166","reference_id":"12166","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12166"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_id":"8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041","reference_id":"933-release-notes?pk_vid=e367a434ef4830491723055753d52041","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV
:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041"},{"reference_url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06","reference_id":"c08d9671cec4e7afdabb547339c4bc0bed8eab06","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7394","reference_id":"CVE-2024-7394","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7394"},{"reference_url":"https://github.com/advisories/GHSA-w6j6-w6jx-vf2r","reference_id":"GHSA-w6j6-w6jx-vf2r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6j6-w6jx-vf2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32956?format=json","p
url":"pkg:composer/concrete5/concrete5@8.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/32957?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3"}],"aliases":["CVE-2024-7394","GHSA-w6j6-w6jx-vf2r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdw7-spv5-k3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211514?format=json","vulnerability_id":"VCID-he4r-v9gv-tkdh","summary":"Concrete CMS vulnerable to 
Cross-site Scripting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43688","reference_id":"","reference_type":"","scores":[{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.5924","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43688"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7"},{"reference_url":"https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e"},{"reference_url":"https://github.com/concretecms/concretecms/pull/10999","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/10999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/C
VE-2022-43688","reference_id":"CVE-2022-43688","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43688"},{"reference_url":"https://github.com/advisories/GHSA-9jc5-9wh5-mc36","reference_id":"GHSA-9jc5-9wh5-mc36","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jc5-9wh5-mc36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerabilit
y":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VC
ID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43688","GHSA-9jc5-9wh5-mc36"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-he4r-v9gv-tkdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34796?format=json","vulnerability_id":"VCID-htqe-191f-1yab","summary":"Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector   https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks,  Alexey Solovyev for reporting. 
(CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8291","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.57049","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8291"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12183","reference_id":"12183","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scori
ng_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12183"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes","reference_id":"8519-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes","reference_id":"934-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8291","reference_id":"CVE-2024-8291","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_
textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8291"},{"reference_url":"https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065","reference_id":"dbce253166f6b10ff3e0c09e50fd395370b8b065","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065"},{"reference_url":"https://github.com/advisories/GHSA-q7qr-22qw-pqgx","reference_id":"GHSA-q7qr-22qw-pqgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q7qr-22qw-pqgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33393?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/33394?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[
{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4"}],"aliases":["CVE-2024-8291","GHSA-q7qr-22qw-pqgx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htqe-191f-1yab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211547?format=json","vulnerability_id":"VCID-j9t7-y29v-6bb7","summary":"Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks","references":[{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46464","reference_id":"CVE-2022-46464","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46464"},{"reference_url":"https://github.com/advisories/GHSA-7vx2-5349-qj99","reference_id":"GHSA-7vx2-5349-qj99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vx2-5349-qj99"}],"fixed_packages":[],"aliases":["CVE-2022-46464","GHSA-7vx2-5349-qj99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9t7-y29v-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134512?format=json","vulnerability_id":"VCID-m9p2-uh8x-zuh8","summary":"Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28474","reference_id":"","reference_type":"","scores":[{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83763","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28474"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28474","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28474"},{"reference_url":"https://www.concretecms.org/a
bout/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://concretecms.com","reference_id":"concretecms.com","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-2j26-j953-2rph","reference_id":"GHSA-2j26-j953-2rph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2j26-j953-2rph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2
.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28474","GHSA-2j26-j953-2rph"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resour
ce_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9p2-uh8x-zuh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163150?format=json","vulnerability_id":"VCID-mjce-crza-h7d4","summary":"Concrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the box\" core OAuth.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43693","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.629","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43693"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/
T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43693","reference_id":"CVE-2022-43693","reference_type":"","scores":[{"value":"
8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43693"},{"reference_url":"https://github.com/advisories/GHSA-w8fp-3gwq-gxpw","reference_id":"GHSA-w8fp-3gwq-gxpw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8fp-3gwq-gxpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p
329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8b
ee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43693","GHSA-w8fp-3gwq-gxpw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjce-crza-h7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131448?format=json","vulnerability_id":"VCID-n6yd-31cx-zqh2","summary":"A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - 
Tags.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44762","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44645","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44762"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44762","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44762"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags","reference_id":"ConcreteCMS-Reflected-XSS---Tags","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T16:28:16Z/"}],"url":"https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags"},{"reference_url":"https://github.com/advisories/GHSA-6fm3-r6mf-j875","reference_id":"GHSA-6fm3-r6mf-j875","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6fm3-r6mf-j875"}],"fixed_packages":[],"aliases":["CVE-2023-44762","GHSA-6fm3-r6mf-j875"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6yd-31cx-zqh2"},{"url":"htt
p://public2.vulnerablecode.io/api/vulnerabilities/85790?format=json","vulnerability_id":"VCID-nahk-p3f1-8bee","summary":"In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the \"Legacy Form\" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question (Checkbox List, Radio Buttons, or Select Box). This payload is then executed in the browser of any user who views the page containing the form. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0123","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3241"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track
","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3241","reference_id":"CVE-2026-3241","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3241"},{"reference_url":"https://github.com/advisories/GHSA-f4vq-pj32-gr4q","reference_id":"GHSA-f4vq-pj32-gr4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4vq-pj32-gr4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3241","GHSA-f4vq-
pj32-gr4q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nahk-p3f1-8bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34088?format=json","vulnerability_id":"VCID-nuz6-12nr-2yga","summary":"Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in the \"Next&Previous Nav\" block. A rogue administrator could add a malicious payload  by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector  CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N  Since the \"Next&Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8661","reference_id":"","reference_type":"","scores":[{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.68027","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8661"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25","reference_id":"","re
ference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12204","reference_id":"12204","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12204"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes","reference_id":"8519-release-notes","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MP
R:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes","reference_id":"934-release-notes","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4","reference_id":"ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/
R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8661","reference_id":"CVE-2024-8661","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8661"},{"reference_url":"https://github.com/advisories/GHSA-xmxj-v2q8-8qx6","reference_id":"GHSA-xmxj-v2q8-8qx6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmxj-v2q8-8qx6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33393?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/33394?format=j
son","purl":"pkg:composer/concrete5/concrete5@9.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4"}],"aliases":["CVE-2024-8661","GHSA-xmxj-v2q8-8qx6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuz6-12nr-2yga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134349?format=json","vulnerability_id":"VCID-pbqg-vpwf-rkfr","summary":"Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not 
sanitized.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28820","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65181","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28820"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28820","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28820"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-fgxj-g7x3-85cq","reference_id":"GHSA-fgxj-g7x3-85cq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fgxj-g7x3-85cq"},{"reference_url":"https://github.com/concretecms/concr
etecms/releases","reference_id":"releases","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/"}],"url":"https://github.com/concretecms/concretecms/releases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379545?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCI
D-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28820","GHSA-fgxj-g7x3-85cq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbqg-vpwf-rkfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163229?format=json","vulnerability_id":"VCID-pbwe-39av-sydg","summary":"In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high 
load).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43686","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.7443","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43686"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/
C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43686","reference_id":"CVE-2022-43686","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43686"},{"reference_url":"https://github.com/advisories/GHSA-3cxx-3f53-m92c","reference_id":"GHSA-3cxx-3f53-m92c","reference_type":"","sc
ores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cxx-3f53-m92c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau
6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8
-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43686","GHSA-3cxx-3f53-m92c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbwe-39av-sydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163358?format=json","vulnerability_id":"VCID-pt73-zjft-syhk","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43968","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71492","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43968"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43968","reference_id":"CVE-2022-43968","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43968"},{"reference_url":"https://github.com/advisories/GHSA-8782-xgh5-r7mv","referenc
e_id":"GHSA-8782-xgh5-r7mv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8782-xgh5-r7mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability
":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCI
D-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43968","GHSA-8782-xgh5-r7mv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt73-zjft-syhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335232?format=json","vulnerability_id":"VCID-qf6d-mgrs-nqb2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22958","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60829","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22958"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/855-release-notes","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/855-release-notes"},{"reference_url":"https://github.com/concrete5/concrete5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_
textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5"},{"reference_url":"https://github.com/concrete5/concrete5/pull/8826","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/pull/8826"},{"reference_url":"https://hackerone.com/reports/863221","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/863221"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22958","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22958"},{"reference_url":"https://github.com/advisories/GHSA-284f-f2hw-j2gx","reference_id":"GHSA-284f-f2hw-j2gx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-284f-f2hw-j2gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23235?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-45c5-bada-byca"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"}
,{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.5"}],"aliases":["CVE-20
21-22958","GHSA-284f-f2hw-j2gx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qf6d-mgrs-nqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85949?format=json","vulnerability_id":"VCID-qndd-2vmq-guen","summary":"In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3240","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3240"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/
developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3240","reference_id":"CVE-2026-3240","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3240"},{"reference_url":"https://github.com/advisories/GHSA-45fj-fvmm-xcc5","reference_id":"GHSA-45fj-fvmm-xcc5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45fj-fvmm-xcc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3240","GHSA-45fj-fvmm-xcc5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qndd-2vmq-guen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64702?format=json","vulnerability_id":"VCID-rgjf-p329-vbf8","summary":"Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. 
Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3179","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3179"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11988","refe
rence_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11988"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11989","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11989"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system"
:"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3179","reference_id":"CVE-2024-3179","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3179"},{"reference_url":"https://github.com/advisories/GHSA-r7q4-cw9r-vhp4","reference_id":"GHSA-r7q4-cw9r-vhp4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q4-cw9r-vhp4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30162?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode
.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3179","GHSA-r7q4-cw9r-vhp4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgjf-p329-vbf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85813?format=json","vulnerability_id":"VCID-rkx3-e4r3-c3gh","summary":"Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to unserialize() without class restrictions or integrity checks. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.9 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. 
Thanks YJK ( @YJK0805 https://hackerone.com/yjk0805 ) of  ZUSO ART https://zuso.ai/  for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3452","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3452"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://","reference_id":"167f16e4805d8ab546d2997c753ac21bf4854920:","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_t
ype":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3452","reference_id":"CVE-2026-3452","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3452"},{"reference_url":"https://github.com/advisories/GHSA-gj26-w59c-29mf","reference_id":"GHSA-gj26-w59c-29mf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj26-w59c-29mf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3452","GHSA-gj26-w59c-29mf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx3-e4r3-c3gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356846?format=json","vulnerability_id":"VCID-tgvt-rgwm-d7de","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44760","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.fi
rst.org/data/v1/epss?cve=CVE-2023-44760"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes"},{"reference_url":"https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44760","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44760"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url
":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766"},{"reference_url":"https://github.com/advisories/GHSA-4qv6-37xq-mgq2","reference_id":"GHSA-4qv6-37xq-mgq2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4qv6-37xq-mgq2"}],"fixed_packages":[],"aliases":["CVE-2023-44760","GHSA-4qv6-37xq-mgq2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgvt-rgwm-d7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126308?format=json","vulnerability_id":"VCID-tt5n-k5h8-xufp","summary":"","references":[{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md"},{"reference_url":"https://nvd.nist.
gov/vuln/detail/CVE-2025-2967","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2967"},{"reference_url":"https://vuldb.com/?ctiid.302019","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?ctiid.302019"},{"reference_url":"https://vuldb.com/?id.302019","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?id.302019"},{"reference_url":"https://vuldb.com/?submit.522417","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/
VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?submit.522417"},{"reference_url":"https://github.com/advisories/GHSA-xfqf-5rhg-5c73","reference_id":"GHSA-xfqf-5rhg-5c73","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xfqf-5rhg-5c73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/785786?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1"}],"aliases":["CVE-2025-2967","GHSA-xfqf-5rhg-5c73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt5n-k5h8-xufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146384?format=json","vulnerability_id":"VCID-ty11-5ff4-s7av","summary":"Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. 
An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48653","reference_id":"","reference_type":"","scores":[{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75137","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48653"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0"},{"reference_url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"valu
e":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes","reference_id":"923-release-notes","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48653","reference_id":"CVE-2023-48653","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48653"},{"reference_url":"https://github.com/advisories/GHSA-3rxx-8f33-7p6p","reference_id":"GHSA-3rxx-8f33-7p6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rxx-8f33-7p6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29439?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCI
D-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/29435?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd
-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48653","GHSA-3rxx-8f33-7p6p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty11-5ff4-s7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146354?format=json","vulnerability_id":"VCID-tzyh-y7uc-hff9","summary":"Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48650","reference_id":"","reference_type":"","scores":[{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78177","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48650"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0"},{"reference_url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV
:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes","reference_id":"923-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48650","reference_id":"CVE-2023-48650","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48650"},{"reference_url":"https://github.com/advisories/GHSA-x577-gcc9-9xjj","reference_id":"GHSA-x577-gcc9-9xjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":
"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x577-gcc9-9xjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29439?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/29435?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebc
v"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48650","GHSA-x577-gcc9-9xjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzyh-y7uc-hff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85311?format=json","vulnerability_id":"VCID-v39f-kpce-2qhz","summary":"In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page names that executes when users search for and view those pages in search results. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N.  
Thanks zolpak for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3244","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3244"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3244","reference_id":"CVE-2026-3244","reference_type":"","scores":[{"value":"4.8","scoring_system":"c
vssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3244"},{"reference_url":"https://github.com/advisories/GHSA-mm5f-5rqw-574f","reference_id":"GHSA-mm5f-5rqw-574f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm5f-5rqw-574f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3244","GHSA-mm5f-5rqw-574f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v39f-kpce-2qhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356851?format=json","vulnerability_id":"VCID-vbae-fwnr-zff5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40606","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44766"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:
L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44766"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766"},{"reference_url":"https://github.com/advisories/GHSA-437p-jfm4-2387","reference_id":"GHSA-437p-jfm4-2387","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-437p-jfm4-2387"}],"fixed_packages":[],"aliases":["CVE-2023-44766","GHSA-437p-jfm4-2387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbae-fwnr-zff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84946?format=json","vulnerability_id":"VCID-vdtu-qtuw-v3fs","summary":"Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group_id parameter which can lead to a security bypass since changes are saved prior to checking the CSRF token. 
The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks z3rco for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2994","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01454","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2994"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"h
ttps://nvd.nist.gov/vuln/detail/CVE-2026-2994","reference_id":"CVE-2026-2994","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2994"},{"reference_url":"https://github.com/advisories/GHSA-6mxw-2vhf-42g5","reference_id":"GHSA-6mxw-2vhf-42g5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mxw-2vhf-42g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-2994","GHSA-6mxw-2vhf-42g5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdtu-qtuw-v3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47505?format=json","vulnerability_id":"VCID-wau6-kvqa-pbgu","summary":"Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector   https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. 
(CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4350","reference_id":"","reference_type":"","scores":[{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77756","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4350"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12166","reference_id":"12166","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scorin
g_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12166"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_id":"8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041","reference_id":"933-release-notes?pk_vid=e367a434ef4830491723060415d52041","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041"},{"reference_url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06","reference_id":"c08d9671cec4e7afdabb547339c4bc0bed8eab06","re
ference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4350","reference_id":"CVE-2024-4350","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4350"},{"reference_url":"https://github.com/advisories/GHSA-q5wx-m95r-4cgc","reference_id":"GHSA-q5wx-m95r-4cgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5wx-m95r-4cgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32956?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xu
fp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/32957?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3"}],"aliases":["CVE-2024-4350","GHSA-q5wx-m95r-4cgc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wau6-kvqa-pbgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146290?format=json","vulnerability_id":"VCID-wqt4-uc3s-zbdn","summary":"Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file 
name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48649","reference_id":"","reference_type":"","scores":[{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79794","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48649"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48649","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48649"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11695","reference_id":"11695","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://github.com/concretecms/concretecms/pull/11695"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11739","reference_id":"11739","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":
"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://github.com/concretecms/concretecms/pull/11739"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"2023-11-09-security-blog-about-updated-cves-and-new-release","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes","reference_id":"8513-release-notes","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes","reference_id":"922-release-notes","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"
value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes"},{"reference_url":"https://github.com/advisories/GHSA-36fr-3wg8-q5v8","reference_id":"GHSA-36fr-3wg8-q5v8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-36fr-3wg8-q5v8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381042?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/379110?format=json","purl":"pkg:composer/concre
te5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-48649","GHSA-36fr-3wg8-q5v8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqt4-uc3s-zbdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163065?format=json","vulnerability_id":"VCID-xfwe-ku14-gfe7","summary":"Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image 
manipulation library due to un-sanitized output.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43694","reference_id":"","reference_type":"","scores":[{"value":"0.00853","scoring_system":"epss","scoring_elements":"0.75376","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43694"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_e
lements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43694","reference_id":"CVE-2022-43694","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43694"},{"reference_url":"https://github.com/advisories/GHSA-jfmc-3975-fv5f","reference_id":"G
HSA-jfmc-3975-fv5f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfmc-3975-fv5f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27854?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-
vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-r
gwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43694","GHSA-jfmc-3975-fv5f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfwe-ku14-gfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134414?format=json","vulnerability_id":"VCID-yjan-urxm-g3a4","summary":"Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs 
section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28473","reference_id":"","reference_type":"","scores":[{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73386","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28473"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28473","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28473"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"2023-11-09-security-blog-about-updated-cves-and-new-re
lease","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://concretecms.com","reference_id":"concretecms.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-pj76-75cm-3552","reference_id":"GHSA-pj76-75cm-3552","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pj76-75cm-3552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-c
ef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28473","GHSA-pj76-75cm-3552"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjan-urxm-g3a4"},{"url":"http://public2.vulnerablecode.io/api/
vulnerabilities/355649?format=json","vulnerability_id":"VCID-yu9q-pa9p-huck","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28475","reference_id":"","reference_type":"","scores":[{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.84375","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28475"},{"reference_url":"https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28475","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28475"},{"reference_url":"https://github.com/advisories/GHSA-vcpr-hm2m-gjjj","reference_id":"GHSA-vcpr-hm2m-gjjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vcpr-hm2m-gjjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"
vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28475","GHSA-vcpr-hm2m-gjjj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu9q-pa9p-huck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321061?format=json","vulnerability_id":"VCID-zwzp-pzqf-9bd5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11476","reference_id":"","reference_type":"","scores":[{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73678","published_at":"2026-06-11T12:55:00Z
"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11476"},{"reference_url":"https://github.com/concrete5/concrete5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5"},{"reference_url":"https://github.com/concrete5/concrete5/pull/8713","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/pull/8713"},{"reference_url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3"},{"reference_url":"https://github.com/concretecms/concretecms/commit/d296f4ba4f6ad94b199c21c1b16f0d185adab343","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/d296f4ba4f6ad94b199c21c1b16f0d185adab343"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2020-0041","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2020-0041"},{"reference_url":"https://herolab.usd.de
/security-advisories/usd-2020-0041/","reference_id":"","reference_type":"","scores":[],"url":"https://herolab.usd.de/security-advisories/usd-2020-0041/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11476","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11476"},{"reference_url":"https://github.com/advisories/GHSA-hf9p-9r39-r2h3","reference_id":"GHSA-hf9p-9r39-r2h3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hf9p-9r39-r2h3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19241?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-45c5-bada-byca"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-8zjc-zm76-27dr"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VC
ID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qf6d-mgrs-nqb2"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.3"}],"aliases":["CVE-2020-11476","GHSA-hf9p-9r39-r2h3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwzp-pzqf-9bd5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.0.2"}