{"url":"http://public2.vulnerablecode.io/api/packages/537843?format=json","purl":"pkg:composer/concrete5/concrete5@8.2.0","type":"composer","namespace":"concrete5","name":"concrete5","version":"8.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.4.8","latest_non_vulnerable_version":"9.4.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109406?format=json","vulnerability_id":"VCID-172w-4ffa-nbaj","summary":"Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks\n## Withdrawn\nThis advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD [here](https://nvd.nist.gov/vuln/detail/CVE-2022-46464) for more information. This link is maintained to preserve external references.\n\n## Original Description \n\nConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder 
\"3\".","references":[{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46464"},{"reference_url":"https://github.com/advisories/GHSA-7vx2-5349-qj99","reference_id":"GHSA-7vx2-5349-qj99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vx2-5349-qj99"}],"fixed_packages":[],"aliases":["CVE-2022-46464","GHSA-7vx2-5349-qj99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-172w-4ffa-nbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110119?format=json","vulnerability_id":"VCID-1nx7-y5wu-33f2","summary":"Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is 
vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43694","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71402","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71429","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00853","scoring_system":"epss","scoring_elements":"0.75305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00853","scoring_system":"epss","scoring_elements":"0.75331","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43694"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:4
9Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43694","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43694"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value
":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:06:49Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-jfmc-3975-fv5f","reference_id":"GHSA-jfmc-3975-fv5f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfmc-3975-fv5f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulner
ability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerabilit
y":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43694","GHSA-jfmc-3975-fv5f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nx7-y5wu-33f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47397?format=json","vulnerability_id":"VCID-1ptm-ydqz-gybk","summary":"Concrete CMS Stored XSS in the Search Field\nConcrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . 
Thanks Alexey Solovyev for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3181","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27907","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27899","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27943","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2803","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3181"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"gene
ric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3181","reference_id":"CVE-2024-3181","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3181"},{"reference_url":"https://github.
com/advisories/GHSA-qgm9-rxmq-jxmq","reference_id":"GHSA-qgm9-rxmq-jxmq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgm9-rxmq-jxmq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69620?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/69619?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCI
D-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3181","GHSA-qgm9-rxmq-jxmq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptm-ydqz-gybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46435?format=json","vulnerability_id":"VCID-2ayu-b9kp-ebfk","summary":"Concrete CMS allows unauthorized access because directories can be created with insecure permissions\nConcrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not 
specified.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48648","reference_id":"","reference_type":"","scores":[{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.7307","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73039","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73052","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73064","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48648"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"
url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307"},{"reference_url":"https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11677","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11677"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:37:35Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48648","reference_id":"CVE-2023-48648","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48648"},{"reference_url":"https://github.com/advisories/GHSA-m87h-jxr6-f82w","reference_id":"GHSA-m87h-jxr6-f82w","reference_type":"","sco
res":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m87h-jxr6-f82w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67800?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/67801?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-
47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-48648","GHSA-m87h-jxr6-f82w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ayu-b9kp-ebfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46161?format=json","vulnerability_id":"VCID-2ksz-92tn-wbg5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the 
Settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44764","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43967","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43925","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43916","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43951","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43975","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44764"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation"},{"reference_url":"ht
tps://nvd.nist.gov/vuln/detail/CVE-2023-44764","reference_id":"CVE-2023-44764","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44764"},{"reference_url":"https://github.com/advisories/GHSA-j6h5-ggv2-3rfv","reference_id":"GHSA-j6h5-ggv2-3rfv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6h5-ggv2-3rfv"}],"fixed_packages":[],"aliases":["CVE-2023-44764","GHSA-j6h5-ggv2-3rfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ksz-92tn-wbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47394?format=json","vulnerability_id":"VCID-3z92-cd94-cfdt","summary":"Concrete CMS Stored XSS in the Custom Class page editing\nConcrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . 
Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3179","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27907","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2803","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27899","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27943","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3179"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"gen
eric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11988","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11988"},{"reference_url":"https://githu
b.com/concretecms/concretecms/pull/11989","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11989"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3179","reference_id":"CVE-2024-3179","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3179"},{"reference_url":"https://github.com/advisories/GHSA-r7q4-cw9r-vhp4","reference_id":"GHSA-r7q4-cw9r-vhp4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q4-cw9r-vhp4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69620?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/69619?format=json","purl":"pkg:composer/con
crete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3179","GHSA-r7q4-cw9r-vhp4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3z92-cd94-cfdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45557?format=json","vulnerability_id":"VCID-44dx-43hk-sbaq","summary":"Concrete CMS Cross-site Scripting vulnerability\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43695","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67248","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.6723","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67215","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67232","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67199","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.6724","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43695"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://documentation
.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:28:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference
_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43695","reference_id":"CVE-2022-43695","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43695"},{"reference_url":"https://github.com/advisories/GHSA-8699-h45g-7hm8","reference_id":"GHSA-8699-h45g-7hm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8699-h45g-7hm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerabili
ty":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"V
CID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43695","GHSA-8699-h45g-7hm8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44dx-43hk-sbaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47388?format=json","vulnerability_id":"VCID-4e63-f1w1-rudp","summary":"Concrete CMS Stored XSS in blocks of type file\nConcrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . 
Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3180","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27943","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27907","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27899","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2803","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3180"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"gen
eric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3180","reference_id":"CVE-2024-3180","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3180"},{"reference_url":"https://github
.com/advisories/GHSA-9qhc-pg6j-wf23","reference_id":"GHSA-9qhc-pg6j-wf23","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qhc-pg6j-wf23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69620?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/69619?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VC
ID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3180","GHSA-9qhc-pg6j-wf23"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e63-f1w1-rudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55655?format=json","vulnerability_id":"VCID-4g38-9q14-x3fs","summary":"Concrete CMS Stored XSS in getAttributeSetName\nConcrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName().  A rogue administrator could inject malicious code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7394","reference_id":"","reference_type":"","scores":[{"value":"0.03921","scoring_system":"epss","scoring_elements":"0.88552","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03921","scoring_system":"epss","scoring_elements":"0.88535","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03921","scoring_system":"epss","scoring_elements":"0.88536","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03921","scoring_system":"epss","scoring_elements":"0.88534","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7394"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_
elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/3a5974e94892c43388c3529e57a140bf2967c734","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/conc
retecms/commit/3a5974e94892c43388c3529e57a140bf2967c734"},{"reference_url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e7e0eb95a0c4d0875c3712e33f495be76578cd5a"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12166","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:54:29Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12166"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE
-2024-7394","reference_id":"CVE-2024-7394","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7394"},{"reference_url":"https://github.com/advisories/GHSA-w6j6-w6jx-vf2r","reference_id":"GHSA-w6j6-w6jx-vf2r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6j6-w6jx-vf2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82372?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/82373?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"
VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3"}],"aliases":["CVE-2024-7394","GHSA-w6j6-w6jx-vf2r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4g38-9q14-x3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46255?format=json","vulnerability_id":"VCID-4m1m-6a9y-s3d6","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & 
Statistics.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44760","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46283","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46309","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46329","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46293","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46327","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44760"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes"},{"reference_url":"https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1"},{"reference_url":"https://www.concre
tecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44760","reference_id":"CVE-2023-44760","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44760"},{"reference_url":"https://github.com/advisories/GHSA-4qv6-37xq-mgq2","reference_id":"GHSA-4qv6-37xq-mgq2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qv6-37xq-mgq2"}],"fixed_packages":[],"aliases":["CVE-2023-44760","GHSA-4qv6-37xq-mgq2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4m1m-6a9y-s3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45097?format=json","vulnerability_id":"VCID-5h8c-zdwq-nbcw","summary":"Missing secure cookie parameters\nConcrete CMS (previously concrete5) before 9.2 does not have Secure and HttpOnly attributes set for ccmPoll 
cookies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28472","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64392","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64391","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64383","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64371","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64381","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28472"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3
.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28472","reference_id":"CVE-2023-28472","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28472"},{"reference_url":"https://github.com/advisories/GHSA-f55r-8rcv-mqcf","reference_id":"GHSA-f55r-8rcv-mqcf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f55r-8rcv-mqcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerabili
ty":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28472","GHSA-f55r-8rcv-mqcf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h8c-
zdwq-nbcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111790?format=json","vulnerability_id":"VCID-5v7t-rs6m-nbb4","summary":"Concrete CMS Cross-site Scripting via Survey Blocks\nConcrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct Cross-site Scripting (XSS) attacks via a crafted survey block. This requires at least Editor privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28145","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41466","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41456","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41487","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41438","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41513","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28145"},{"reference_url":"https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes"},{"reference_url":"https://github.com/S1lkys/CVE-2021-40101","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://github.com/S1lkys/CVE-2021-40101"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28145","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28145"},{"reference_url":"https://www.concrete5.org/developers/security","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concrete5.org/developers/security"},{"reference_url":"https://github.com/advisories/GHSA-7388-7vq2-m4f4","reference_id":"GHSA-7388-7vq2-m4f4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7388-7vq2-m4f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59249?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"}
,{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-sfqn-j8bs-xue6"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.5"}],"aliases":["CVE-2021-28145","GHSA-7388-7vq2-m4f4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5v7t-rs6m-nbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46163?format=json","vulnerability
_id":"VCID-6qyr-cwsy-xkga","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44765","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53492","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53516","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53531","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44765"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_syste
m":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44765","reference_id":"CVE-2023-44765","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44765"},{"reference_url":"https://github.com/advisories/GHSA-6xx7-r8x4-fpjp","reference_id":"GHSA-6xx7-r8x4-fpj
p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xx7-r8x4-fpjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67801?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-44765","GHSA-6xx7-r8x4-fpjp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilitie
s/VCID-6qyr-cwsy-xkga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47194?format=json","vulnerability_id":"VCID-8amu-x7gk-47dh","summary":"Concrete CMS Stored Cross-site Scripting vulnerability\nConcrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator-provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2179","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30985","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30908","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30888","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30919","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30953","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2179"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03
-06T20:22:19Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2179","reference_id":"CVE-2024-2179","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2179"},{"reference_url":"https://github.com/advisories/GHSA-4m7h-34xm-4wjv","reference_id":"GHSA-4m7h-34xm-4wjv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4m7h-34xm-4wjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69247?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCI
D-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.7"}],"aliases":["CVE-2024-2179","GHSA-4m7h-34xm-4wjv"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8amu-x7gk-47dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45099?format=json","vulnerability_id":"VCID-9gz3-3k6s-kka8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on 
search.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28474","reference_id":"","reference_type":"","scores":[{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83729","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.8373","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83717","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83725","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28474"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-c
ms-new-cves-and-cve-updates"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28474","reference_id":"CVE-2023-28474","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28474"},{"reference_url":"https://github.com/advisories/GHSA-2j26-j953-2rph","reference_id":"GHSA-2j26-j953-2rph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j26-j953-2rph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3
-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28474","GHSA-2j26-j953-2rph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gz3-3k6s-kka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57007?format=json","vulnerability_id":"VCID-ads8-yu64-dbgx","summary":"ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field\nA vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. 
The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md"},{"reference_url":"https://vuldb.com/?ctiid.302019","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?ctiid.302019"},{"reference_url":"htt
ps://vuldb.com/?id.302019","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?id.302019"},{"reference_url":"https://vuldb.com/?submit.522417","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?submit.522417"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2967","reference_id":"CVE-2025-2967","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2967"},{"reference_url":"https://github.com/advisories/GHSA-xfqf-5rhg-5c73","reference_id":"GHSA-xfqf-5rhg-5c73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xfqf-5rhg-5c73"}],"fixed_pac
kages":[{"url":"http://public2.vulnerablecode.io/api/packages/806844?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1"}],"aliases":["CVE-2025-2967","GHSA-xfqf-5rhg-5c73"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ads8-yu64-dbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47170?format=json","vulnerability_id":"VCID-agcq-9qz7-33a8","summary":"Concrete CMS Cross Site Request Forgery (CSRF) vulnerability\nConcrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. 
An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48653","reference_id":"","reference_type":"","scores":[{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75092","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75064","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75087","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75083","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48653"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0"},{"reference_url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:21:08Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48653","reference_id":"CVE-2023-48653","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48653"},{"reference_url":"https://github.com/advisories/GHSA-3rxx-8f33-7p6p","reference_id":"GHSA-3rxx-8f33-7p6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rxx-8f33-7p6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69
192?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/68344?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulner
ability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48653","GHSA-3rxx-8f33-7p6p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agcq-9qz7-33a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110160?format=json","vulnerability_id":"VCID-arng-9uc2-8qaj","summary":"Concrete CMS vulnerable to Session Fixation\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43687","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54482","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54483","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54484","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43687"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://documentation.con
cretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43687","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43687"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:18:32Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-m53v-5x5x-5m2p","reference_id":"GHSA-m53v-5x5x-5m2p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m53v-5x5x-5m2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulne
rability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerabili
ty":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43687","GHSA-m53v-5x5x-5m2p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arng-9uc2-8qaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47392?format=json","vulnerability_id":"VCID-av2c-h349-tkae","summary":"Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter\nConcrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. 
The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3178","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27907","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2803","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27899","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27943","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3178"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"","reference_type":"","scor
es":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11988","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","s
coring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11988"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11989","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11989"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3178","reference_id":"CVE-2024-3178","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3178"},{"reference_url":"https://github.com/advisories/GHSA-xwrh-qxmc-x8c8","reference_id":"GHSA-xwrh-qxmc-x8c8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwrh-qxmc-x8c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69620?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.
io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/69619?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3178","GHSA-xwrh-qxmc-x8c8"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av2c-h349-tkae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46152?format=json","vulnerability_id":"VCID-ba83-17k3-2ugw","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary script code in a victim's browser via a crafted script submitted to Tags under Settings - 
Tags.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44762","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44577","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44609","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44631","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4459","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44762"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T16:28:16Z/"}],"url":"https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44762","reference_id":"CVE-2023-44762","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44762"},{"refer
ence_url":"https://github.com/advisories/GHSA-6fm3-r6mf-j875","reference_id":"GHSA-6fm3-r6mf-j875","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fm3-r6mf-j875"}],"fixed_packages":[],"aliases":["CVE-2023-44762","GHSA-6fm3-r6mf-j875"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba83-17k3-2ugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46732?format=json","vulnerability_id":"VCID-c51u-7gm8-47g5","summary":"Cross-Site Request Forgery (CSRF)\nConcrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48652","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56609","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5659","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56605","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56617","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48652"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48652","reference_id":"CVE-2023-48652","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48652"},{"reference_url":"https://github.com/advisories/GHSA-qp42-5pj7-4ccm","reference_id":"GHSA-qp42-5pj7-4ccm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qp42-5pj7-4ccm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68344?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability
":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48652","GHSA-qp42-5pj7-4ccm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c51u-7gm8-47g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50694?format=json","vulnerability_id":"VCID-d1gx-9h4s-83gr","summary":"Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection\nConcrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. 
An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to unserialize() without class restrictions or integrity checks.\n\nThe Concrete CMS security team thanks YJK ( @YJK0805 https://hackerone.com/yjk0805 ) of  ZUSO ART https://zuso.ai/  for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3452","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50972","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50939","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50922","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50967","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3452"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"ht
tps://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://","reference_id":"167f16e4805d8ab546d2997c753ac21bf4854920:","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3452","reference_id":"CVE-2026-3452","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3452"},{"reference_url":"https://github.com/advisories/GHSA-gj26-w59c-29mf","reference_id":"GHSA-gj26-w59c-29mf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj26-w59c-29mf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/p
ackages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3452","GHSA-gj26-w59c-29mf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1gx-9h4s-83gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45091?format=json","vulnerability_id":"VCID-e9xa-h65d-xfe9","summary":"Missing rate limit for password resets\nConcrete CMS (previously concrete5) before 9.1 does not have a rate limit for password resets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28821","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51151","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51161","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51183","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51178","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51131","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28821"},{"reference_url":"https://github.com/concretecms/concretecms/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/"}],"url":"https://github.com/concretecms/concretecms/releases"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","referenc
e_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28821","reference_id":"CVE-2023-28821","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28821"},{"reference_url":"https://github.com/advisories/GHSA-ph6g-6v8w-8p6m","reference_id":"GHSA-ph6g-6v8w-8p6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph6g-6v8w-8p6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65025?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"
},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulner
ablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28821","GHSA-ph6g-6v8w-8p6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9xa-h65d-xfe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46154?format=json","vulnerability_id":"VCID-ejn3-nh6a-tqad","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40535","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40565","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40593","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40549","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40589","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44766"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"v
alue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44766","reference_id":"CVE-2023-44766","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44766"},{"reference_url":"https://github.com/advisories/GHSA-437p-jfm4-2387","reference_id":"GHSA-437p-jfm4-2387","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-437p-jfm4-2387"}],"fixed_packages":[],"aliases":["CVE-2023-44766","GHSA-437p-jfm4-2387"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejn3-nh6a-tqad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45098?format=json","vulnerability_id":"VCID-evgn-we1u-r3ey","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not 
sanitized.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28475","reference_id":"","reference_type":"","scores":[{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.8435","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.84344","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.84332","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.84345","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.84347","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28475"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-c
ves-and-new-release"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28475","reference_id":"CVE-2023-28475","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28475"},{"reference_url":"https://github.com/advisories/GHSA-vcpr-hm2m-gjjj","reference_id":"GHSA-vcpr-hm2m-gjjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcpr-hm2m-gjjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},
{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28475","GHSA-vcpr-hm2m-gjjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evgn-we1u-r3ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42371?format=json","vulnerability_id":"VCID-fksd-jta3-k3c2","summary":"Unrestricted Uploads in Concrete5\nConcrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc 
value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14961","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57295","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57298","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57299","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57307","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14961"},{"reference_url":"https://github.com/concrete5/concrete5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5"},{"reference_url":"https://github.com/concrete5/concrete5/pull/8651","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/pull/8651"},{"reference_url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3"},{"reference_url":"https://nvd.nist.gov/v
uln/detail/CVE-2020-14961","reference_id":"CVE-2020-14961","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14961"},{"reference_url":"https://github.com/advisories/GHSA-g4gm-pxh3-29fq","reference_id":"GHSA-g4gm-pxh3-29fq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4gm-pxh3-29fq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59466?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-5v7t-rs6m-nbb4"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gaj9-tm74-q3he"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"v
ulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-sfqn-j8bs-xue6"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.3"}],"aliases":["CVE-2020-14961","GHSA-g4gm-pxh3-29fq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fksd-jta3-k3c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50665?format=json","vulnerability_id":"VCID-fm12-usyg-dbb8","summary":"Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability\nIn Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field.\n\nThe Concrete CMS security team thanks minhnn42, namdi and quanlna2 
from VCSLab-Viettel Cyber Security for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3240","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01383","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0138","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01388","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3240"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/"}],"ur
l":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3240","reference_id":"CVE-2026-3240","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3240"},{"reference_url":"https://github.com/advisories/GHSA-45fj-fvmm-xcc5","reference_id":"GHSA-45fj-fvmm-xcc5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45fj-fvmm-xcc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3240","GHSA-45fj-fvmm-xcc5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm12-usyg-dbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45096?format=json","vulnerability_id":"VCID-fq4e-t1kv-67dv","summary":"Authentication bypass\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs 
section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28473","reference_id":"","reference_type":"","scores":[{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73338","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73336","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73312","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73325","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28473"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","r
eference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28473","reference_id":"CVE-2023-28473","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28473"},{"reference_url":"https://github.com/advisories/GHSA-pj76-75cm-3552","reference_id":"GHSA-pj76-75cm-3552","reference_typ
e":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj76-75cm-3552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"
VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28473","GHSA-pj76-75cm-3552"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fq4e-t1kv-67dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46433?format=json","vulnerability_id":"VCID-fs9q-x8vg-2ucb","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48649","reference_id":"","reference_type":"","scores":[{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79748","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79742","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79732","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79743","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79751","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48649"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/
D:T/2024-08-29T14:36:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11695","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://github.com/concretecms/concretecms/pull/11695"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11739","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value"
:"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://github.com/concretecms/concretecms/pull/11739"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:36:47Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48649","reference_id":"CVE-2023-48649","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48649"},{"reference_url":"https://github.com/advisories/GHSA-36fr-3wg8-q5v8","reference_id":"GHSA-36fr-3wg8-q5v8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36fr-3wg8-q5v8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67800?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerabi
lity":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/67801?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":
"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-48649","GHSA-36fr-3wg8-q5v8"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fs9q-x8vg-2ucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41577?format=json","vulnerability_id":"VCID-gaj9-tm74-q3he","summary":"Server-Side Request Forgery (SSRF)\nA Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. 
Impact can vary depending on services exposed. CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22958","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60719","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60762","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60746","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60763","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60775","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22958"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/855-release-notes","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/855-release-notes"},{"reference_url":"https://github.com/concrete5/concrete5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5"},{"reference_url":"https://github.com/concrete5/concrete5/pull/8826","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_
system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/pull/8826"},{"reference_url":"https://hackerone.com/reports/863221","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/863221"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22958","reference_id":"CVE-2021-22958","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22958"},{"reference_url":"https://github.com/advisories/GHSA-284f-f2hw-j2gx","reference_id":"GHSA-284f-f2hw-j2gx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-284f-f2hw-j2gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59249?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulner
ability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-sfqn-j8bs-xue6"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.5"}],"aliases":["CVE-2021-22958","GHSA-284f-f2hw-j2gx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gaj9-tm74-q3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55
891?format=json","vulnerability_id":"VCID-ghk4-hq13-a7g1","summary":"Cross site scripting in Concrete CMS\nConcrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7398","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40827","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40816","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40847","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40878","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40873","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7398"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduc
tion/version-history/8519-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12183","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N
/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12183"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12184","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12184"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7398","reference_id":"CVE-2024-7398","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7398"},{"reference_url":"https://github.com/advisories/GHSA-x8h2-255q-jg4x","reference_id":"GHSA-x8h2-255q-jg4x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8h2-255q-jg4x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82651?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.19","is_vulnerable":true,"affected_by_vulnerabiliti
es":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/82652?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4"}],"aliases":["CVE-2024-7398","GHSA-x8h2-255q-jg4x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghk4-hq13-a7g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109629?format=json","vulnerability_id":"VCID-gupx-yrqr-mkf5","summary":"Concrete CMS vulnerable to cross-site scripting in the text input field\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. 
The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43556","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83367","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83396","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83382","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83389","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83393","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83391","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43556"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/
A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43556","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43556"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:59:04Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-xj33-8r43-r227","reference_id":"GHSA-xj33-8r43-r227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvs
sv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj33-8r43-r227"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-d
yb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},
{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43556","GHSA-xj33-8r43-r227"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-yrqr-mkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110208?format=json","vulnerability_id":"VCID-hbnc-g326-h7hj","summary":"Concrete CMS vulnerable to Cross-site Scripting\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43688","reference_id":"","reference_type":"","scores":[{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59127","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.5917","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59154","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59172","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59175","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43688"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/51f19b377a19c97a8b8f1d4d0f13724ed1c7c7a7"},{"reference_url":"https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/6d46ca042fcfeda0f7881d8744f5216ef1abce0e"},{"reference_url":"https://github.com/concretecms/concretecms/pull/10999","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/10999"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43688","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43688"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-9jc5-9wh5-mc36","reference_id":"GHSA-9jc5-9wh5-mc36","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jc5-9wh5-mc36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCI
D-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr
-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43688","GHSA-9jc5-9wh5-mc36"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbnc-g326-h7hj"},{"url":"http://public2.vulnerablecode.io/a
pi/vulnerabilities/110183?format=json","vulnerability_id":"VCID-js6u-2111-r3hv","summary":"Concrete CMS vulnerable to Cross-site Request Forgery\nConcrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the box\" core OAuth.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43693","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4757","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47586","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47587","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47521","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62834","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.6282","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43693"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:
3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43693","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
nvd.nist.gov/vuln/detail/CVE-2022-43693"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-w8fp-3gwq-gxpw","reference_id":"GHSA-w8fp-3gwq-gxpw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8fp-3gwq-gxpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"
vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulner
ability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43693","GHSA-w8fp-3gwq-gxpw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-js6u-2111-r3hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110153?format=json","vulnerability_id":"VCID-ka5e-6mxu-pqbp","summary":"Concrete CMS vulnerable to XML External Entity\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP 
disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43689","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.5255","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52594","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52598","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52617","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52609","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43689"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/ver
sion-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43689","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43689"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N
/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:16:39Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-q48r-xg9h-78m8","reference_id":"GHSA-q48r-xg9h-78m8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q48r-xg9h-78m8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulne
rability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/148565?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerabil
ity":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.2"}],"aliases":["CVE-2022-43689","GHSA-q48r-xg9h-78m8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ka5e-6mxu-pqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90989?format=json","vulnerability_id":"VCID-kpff-cc68-rufm","summary":"ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads\nConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. 
The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads the entire content of every selected file into PHP memory. An authenticated attacker can exploit this by requesting a bulk download of large files, triggering an Out-Of-Memory (OOM) condition that causes the PHP-FPM process to terminate (SIGSEGV) and the web server to return a 500 error.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30662","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18769","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18667","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18649","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18767","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30662"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30662","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30662"},{"reference_url":"https://wang1rrr.github.
io/2026/02/11/CVE-Report-ConcreteCMS-DoS","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS"},{"reference_url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/","reference_id":"CVE-Report-ConcreteCMS-DoS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:49:15Z/"}],"url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/"},{"reference_url":"https://github.com/advisories/GHSA-p68c-rmfh-j48h","reference_id":"GHSA-p68c-rmfh-j48h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p68c-rmfh-j48h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-30662","GHSA-p68c-rmfh-j48h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpff-cc68-rufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57784?format=json","vulnerability_id":"VCID-kxrj-be1c-uube","summary":"Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page\nConcrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. 
Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8571","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49602","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4958","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49565","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49594","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49612","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8571"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M
:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6"},{"reference_url":"https://www.concretecms.org/download","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://www.concretecms.org/download"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8571","reference_id":"CVE-2025
-8571","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8571"},{"reference_url":"https://github.com/advisories/GHSA-4pcg-pjp5-3mc6","reference_id":"GHSA-4pcg-pjp5-3mc6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pcg-pjp5-3mc6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85977?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.21"},{"url":"http://public2.vulnerablecode.io/api/packages/85978?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3"}],"aliases":["CVE-2025-8571","GHSA-4pcg-pjp5-3mc6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxrj-be1c-uube"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55666?format=json","vulnerability_id":"
VCID-m55n-jx31-g3f6","summary":"Concrete CMS Stored Cross-site Scripting vulnerability\nConcrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4350","reference_id":"","reference_type":"","scores":[{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77707","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77712","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77694","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77704","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77714","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4350"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-relea
se-notes?pk_vid=e367a434ef4830491723055758d52041","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5"},{"reference_url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},
{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12166","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12166"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4350","reference_id":"CVE-2024-4350","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4350"},{"reference_url":"https://github.com/advisories/GHSA-q5wx-m95r-4cgc","reference_id":"GHSA-q5wx-m95r-4cgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5wx-m95r-4cgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82372?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.18","is_vulnerable":true,"affected_by_vulnerabil
ities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/82373?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3"}],"aliases":["CVE-2024-4350","GHSA-q5wx-m95r-4cgc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m55n-jx31-g3f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50698?format=json","vulnerability_id":"VCID-mpkf-qdcc-pba7","summary":"Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF)\nConcrete CMS below version 9.4.8 is subject to CSRF by a 
Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group_id parameter which can lead to a security bypass since changes are saved prior to checking the CSRF token.\n\nThe Concrete CMS security team thanks z3rco for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2994","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01451","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01453","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01461","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01459","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2994"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/c
oncretecms/concretecms/pull/12826","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2994","reference_id":"CVE-2026-2994","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2994"},{"reference_url":"https://github.com/advisories/GHSA-6mxw-2vhf-42g5","reference_id":"GHSA-6mxw-2vhf-42g5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mxw-2vhf-42g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-2994","GHSA-6mxw-2vhf-42g5"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpkf-qdcc-pba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45095?format=json","vulnerability_id":"VCID-n7h1-u4gv-cuas","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder 
names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28819","reference_id":"","reference_type":"","scores":[{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84013","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84002","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84011","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84016","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28819"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28819","reference_id":"CVE-2023-28819","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28819"},{"reference_url":"https://github.com/advisories/GHSA-474f-mcjv-pgrm","reference_id":"GHSA-474f-mcjv-pgrm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-474f-mcjv-pgrm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65025?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability"
:"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability"
:"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28819","GHSA-474f-mcjv-pgrm"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7h1-u4gv-cuas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50695?format=json","vulnerability_id":"VCID-nsk7-qkpu-d7ab","summary":"Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability\nIn Concrete CMS below version 9.4.8, a Cross-site Scripting (XSS) vulnerability exists in the \"Legacy Form\" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question (Checkbox List, Radio Buttons, or Select Box). This payload is then executed in the browser of any user who views the page containing the form.\n\nThe Concrete CMS security team thanks M3dium for 
reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0123","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01229","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01226","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3241"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1
","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3241","reference_id":"CVE-2026-3241","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3241"},{"reference_url":"https://github.com/advisories/GHSA-f4vq-pj32-gr4q","reference_id":"GHSA-f4vq-pj32-gr4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4vq-pj32-gr4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3241","GHSA-f4vq-pj32-gr4q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsk7-qkpu-d7ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110295?format=json","vulnerability_id":"VCID-p432-7c1h-rbh4","summary":"Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS\nIn Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43686","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74349","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74383","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74357","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74374","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74387","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74382","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43686"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D
:T/2025-04-30T15:20:30Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43686","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43686"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type"
:"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:20:30Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-3cxx-3f53-m92c","reference_id":"GHSA-3cxx-3f53-m92c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cxx-3f53-m92c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n
-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-
j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43686","GHSA-3cxx-3f53-m92c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p432-7c1h-rbh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46160?format=json","vulnerability_id":"VCID-p4jp-hyhv-9ba9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data 
objects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44761","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53492","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53516","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53531","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44761"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44761","reference_id":"CVE-2023-44761","reference_type":
"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44761"},{"reference_url":"https://github.com/advisories/GHSA-p4jj-gwpg-9jwh","reference_id":"GHSA-p4jj-gwpg-9jwh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p4jj-gwpg-9jwh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67801?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"}
,{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-44761","GHSA-p4jj-gwpg-9jwh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4jp-hyhv-9ba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55832?format=json","vulnerability_id":"VCID-p6u3-8e7t-dybm","summary":"Concrete CMS Stored XSS in the \"Next&Previous Nav\" block\nConcrete CMS versions 9.0.0 to 9.3.4 and below 8.5.19 are vulnerable to Stored XSS in the \"Next&Previous Nav\" block. A rogue administrator could add a malicious payload that is then executed in the browsers of targeted users. Since the \"Next&Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8661","reference_id":"","reference_type":"","scores":[{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67969","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67953","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67966","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67976","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67968","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8661"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","s
coring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/
MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/3e548b416ae32efee1e0a42c4510be1106c7eb25"},{"reference_url":"https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12204","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/A
V:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T20:05:43Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12204"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8661","reference_id":"CVE-2024-8661","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8661"},{"reference_url":"https://github.com/advisories/GHSA-xmxj-v2q8-8qx6","reference_id":"GHSA-xmxj-v2q8-8qx6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmxj-v2q8-8qx6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82651?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-
nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/82652?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4"}],"aliases":["CVE-2024-8661","GHSA-xmxj-v2q8-8qx6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6u3-8e7t-dybm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41666?format=json","vulnerability_id":"VCID-qaf7-w9wz-aua9","summary":"Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar 
file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11476","reference_id":"","reference_type":"","scores":[{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73626","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73628","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73602","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73617","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.7359","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.7363","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11476"},{"reference_url":"https://github.com/concrete5/concrete5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5"},{"reference_url":"https://github.com/concrete5/concrete5/pull/8713","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/pull/8713"},{"reference_url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concrete5/concrete5/releases/tag/8.5.3"},{"reference_url":"https://github.com/concretecms/concre
tecms/commit/d296f4ba4f6ad94b199c21c1b16f0d185adab343","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/d296f4ba4f6ad94b199c21c1b16f0d185adab343"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2020-0041","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2020-0041"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2020-0041/","reference_id":"","reference_type":"","scores":[],"url":"https://herolab.usd.de/security-advisories/usd-2020-0041/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11476","reference_id":"CVE-2020-11476","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11476"},{"reference_url":"https://github.com/advisories/GHSA-hf9p-9r39-r2h3","reference_id":"GHSA-hf9p-9r39-r2h3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hf9p-9r39-r2h3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59466?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerabilit
y":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-5v7t-rs6m-nbb4"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gaj9-tm74-q3he"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-sfqn-j8bs-xue6"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerabilit
y":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.3"}],"aliases":["CVE-2020-11476","GHSA-hf9p-9r39-r2h3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qaf7-w9wz-aua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57066?format=json","vulnerability_id":"VCID-qfja-3put-jqa5","summary":"Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)\nConcrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site, but the amount and type are restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable.\nThe fix only sanitizes new data saved after the update to Concrete CMS 9.4.0RC2. Payloads stored by a successful exploit under a previous version will still be “live” in existing database entries added before the update; a database search is recommended. 
The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1  with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3153","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56431","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56419","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56424","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56418","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3153"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:
L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12511","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12511"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12512","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12512"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.20","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:
L/SI:L/SA:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:04:27Z/"}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3153","reference_id":"CVE-2025-3153","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3153"},{"reference_url":"https://github.com/advisories/GHSA-cmm4-p9v2-q453","reference_id":"GHSA-cmm4-p9v2-q453","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cmm4-p9v2-q453"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84726?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/812609?format=json","purl":"pkg:compose
r/concrete5/concrete5@9.4.0RC2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC2"},{"url":"http://public2.vulnerablecode.io/api/packages/84725?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0-RC2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC2"}],"aliases":["CVE-2025-3153","GHSA-cmm4-p9v2-q453"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfja-3put-jqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110300?format=json","vulnerability_id":"VCID-quse-xwtq-u3fn","summary":"Concrete CMS vulnerable to Reflected Cross-site Scripting\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. 
Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43692","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71429","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71402","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71437","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71413","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43692"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://documentati
on.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/0bd65388e5a6d455d8b2469fc166f1b6fdf1abbb"},{"reference_url":"https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/5e353be6a12764dbc2338246f2c1b6058cdfd037"},{"reference_url":"https://github.com/concretecms/concretecms/pull/10996","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/10996"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_ele
ments":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43692","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43692"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:10:04Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-rg6w-c352-p8pg","reference_id":"GHSA-rg6w-c352-p8pg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg6w-c352-p8pg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=j
son","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.
5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VC
ID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43692","GHSA-rg6w-c352-p8pg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quse-xwtq-u3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110174?format=json","vulnerability_id":"VCID-ret1-4gwa-fkde","summary":"Concrete CMS vulnerable to Improper Authentication\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 
8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43690","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56796","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56843","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56854","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56847","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56848","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56828","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43690"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/versi
on-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/a4dc73a4a47823373d4b4824534bb9b7d251f72c"},{"reference_url":"https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/d5dd12c40efed326b26862391b7e1e6f414cdd55"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/
C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43690","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43690"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:13:50Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-q56r-mw39-944g","reference_id":"GHSA-q56r-mw39-944g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q56r-mw39-944g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3
d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{
"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43690","GHSA-q56r-mw39-944g"],"risk_sco
re":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ret1-4gwa-fkde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47157?format=json","vulnerability_id":"VCID-s9y7-gqug-wfb8","summary":"Concrete CMS Stored XSS in Layout Preset Name\nConcrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48650","reference_id":"","reference_type":"","scores":[{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78132","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78135","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78118","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78129","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78139","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48650"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0"},{"reference_url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:50:14Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48650","reference_id":"CVE-2023-48650","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48650"},{"
reference_url":"https://github.com/advisories/GHSA-x577-gcc9-9xjj","reference_id":"GHSA-x577-gcc9-9xjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x577-gcc9-9xjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69192?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/68344?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-cf
u3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48650","GHSA-x577-gcc9-9xjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9y7-gqug-wfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45092?format=json","vulnerability_id":"VCID-secg-k297-qua9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name 
parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28477","reference_id":"","reference_type":"","scores":[{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84188","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84175","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84192","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28477"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28477","reference_id":"CVE-2023-28477","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28477"},{"reference_url":"https://github.com/advisories/GHSA-xfmj-r86m-j2hr","reference_id":"GHSA-xfmj-r86m-j2hr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xfmj-r86m-j2hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"}
,{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28477","GHSA-xfmj-r86m-j2hr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-secg-k297-qua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42381?format=json","vulnerability_id":"VCID-sfqn-j8bs-xue6","summary":"Cross-Site Request Forgery (CSRF)\nA cross-site request forgery vulnerability exists in Concrete CMS that could allow an attacker to make requests on behalf of other 
users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22954","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35122","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35174","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35136","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.351","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35158","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22954"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22954","reference_id":"CVE-2021-22954","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22954"},{"reference_url":"https://github.com/advisories/GHSA-gr23-g276-xc73","reference_id":"GHSA-gr23-g276-xc73","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gr23-g276-xc73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60613?format=json","purl":"pkg:composer/concrete5/concrete5@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y
5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f
23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.0.0"}],"aliases":["CVE-2021-22954","GHSA-gr23-g276-xc73"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfqn-j8bs-xue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50690?format=json","vulnerability_id":"VCID-ty4u-uvks-jfgb","summary":"Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability\nIn Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block.\n\nThe Concrete CMS security team thanks M3dium for 
reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3242","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01383","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0138","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01388","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3242"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv
4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3242","reference_id":"CVE-2026-3242","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3242"},{"reference_url":"https://github.com/advisories/GHSA-w9qg-chfh-g3q9","reference_id":"GHSA-w9qg-chfh-g3q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9qg-chfh-g3q9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3242","GHSA-w9qg-chfh-g3q9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty4u-uvks-jfgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50687?format=json","vulnerability_id":"VCID-vubh-brda-yfb9","summary":"Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability\nIn Concrete CMS below version 9.4.8, A stored Cross-site Scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML 
encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page names that executes when users search for and view those pages in search results.\n\nThe Concrete CMS security team thanks zolpak for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3244","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01383","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0138","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01388","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3244"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N
/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3244","reference_id":"CVE-2026-3244","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3244"},{"reference_url":"https://github.com/advisories/GHSA-mm5f-5rqw-574f","reference_id":"GHSA-mm5f-5rqw-574f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm5f-5rqw-574f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74433?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3244","GHSA-mm5f-5rqw-574f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vubh-brda-yfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55896?format=json","vulnerability_id":"VCID-w2an-6qk1-1qh5","summary":"Cross site scripting in Concrete CMS\nConcrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  
A rogue admin could add malicious code to the Thumbnails/Add-Type.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8291","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56978","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56976","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56958","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56972","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56985","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8291"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_ele
ments":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/d97b43b8dd0b5578b41d2ffb5b2186a44c2c772c"},{"reference_url":"https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065"},{"reference_url"
:"https://github.com/concretecms/concretecms/pull/12183","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:05:39Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12183"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8291","reference_id":"CVE-2024-8291","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8291"},{"reference_url":"https://github.com/advisories/GHSA-q7qr-22qw-pqgx","reference_id":"GHSA-q7qr-22qw-pqgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q7qr-22qw-pqgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82651?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-x9kw-h9dx-z
ydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/82652?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.4"}],"aliases":["CVE-2024-8291","GHSA-q7qr-22qw-pqgx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2an-6qk1-1qh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47393?format=json","vulnerability_id":"VCID-x7qc-tw7s-tugy","summary":"Concrete CMS Stored XSS on the calendar color settings screen\nConcrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. 
The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator\n\nThank you Rikuto Tauchi for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2753","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48159","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48141","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48174","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48177","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48129","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2753"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-rele
ase-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d564617
8fbef0ab243baaed8f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2753","reference_id":"CVE-2024-2753","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2753"},{"reference_url":"https://github.com/advisories/GHSA-pj42-r64f-4xfq","reference_id":"GHSA-pj42-r64f-4xfq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj42-r64f-4xfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69620?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/69619?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},
{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-2753","GHSA-pj42-r64f-4xfq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qc-tw7s-tugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56779?format=json","vulnerability_id":"VCID-x9kw-h9dx-zydt","summary":"Concrete CMS affected by a stored XSS in Folder Function.The \"Add Folder\" functionality\nConcrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.  The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. 
Thanks, Alfin Joseph for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0660","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36118","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36046","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36088","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36128","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43722","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0660"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"},{"reference_url":"https://github.com/concretecms/bedrock/pull/370","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://github.com/concretecms/bedrock/pull/370"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{
"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12454","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12454"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0660","reference_id":"CVE-2025-0660","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0660"},{"reference_url":"https://github.com/advisories/GHSA-pvmx-mjmh-jfcx","reference_id":"GHSA-pvmx-mjmh-jfcx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvmx-mjmh-jfcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/806844?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"
VCID-vubh-brda-yfb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/84300?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC1"}],"aliases":["CVE-2025-0660","GHSA-pvmx-mjmh-jfcx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9kw-h9dx-zydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110327?format=json","vulnerability_id":"VCID-y3mm-x9e4-63a8","summary":"Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 
8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43968","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71429","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71402","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71437","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71413","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43968"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/versi
on-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43968","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43968"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/U
I:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:39:35Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-8782-xgh5-r7mv","reference_id":"GHSA-8782-xgh5-r7mv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8782-xgh5-r7mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnera
bility":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability
":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43968","GHSA-8782-xgh5-r7mv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3mm-x9e4-63a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45088?format=json","vulnerability_id":"VCID-y442-f8dv-q7dm","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container 
name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28471","reference_id":"","reference_type":"","scores":[{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83717","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83729","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.8373","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83725","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28471"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms
-new-cves-and-cve-updates"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28471","reference_id":"CVE-2023-28471","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28471"},{"reference_url":"https://github.com/advisories/GHSA-9h33-5fxw-r2xv","reference_id":"GHSA-9h33-5fxw-r2xv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9h33-5fxw-r2xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2
ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28471","GHSA-9h33-5fxw-r2xv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y442-f8dv-q7dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110245?format=json","vulnerability_id":"VCID-ybb2-9a77-puhq","summary":"Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in 
production.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43691","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43709","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43723","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43732","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43652","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43685","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43674","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43691"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/ve
rsion-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43691","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43691"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:
N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:12:15Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-q3hq-hm5h-qrx3","reference_id":"GHSA-q3hq-hm5h-qrx3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3hq-hm5h-qrx3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vuln
erability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerabil
ity":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43691","GHSA-q3hq-hm5h-qrx3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybb2-9a77-puhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46181?format=json","vulnerability_id":"VCID-yv8t-guxf-dyb5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail\" file upload, which allows Cross-Site Scripting 
(XSS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50621","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50652","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50671","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50637","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50664","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44763"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail"},{"reference_url":"https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20231026034159/http
s://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44763","reference_id":"CVE-2023-44763","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44763"},{"reference_url":"https://github.com/advisories/GHSA-wrp2-6v6j-hfmg","reference_id":"GHSA-wrp2-6v6j-hfmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrp2-6v6j-hfmg"}],"fixed_packages":[],"aliases":["CVE-2023-44763","GHSA-wrp2-6v6j-hfmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv8t-guxf-dyb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45100?format=json","vulnerability_id":"VCID-yxhe-23hs-9fbt","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded 
files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28476","reference_id":"","reference_type":"","scores":[{"value":"0.01758","scoring_system":"epss","scoring_elements":"0.82955","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01758","scoring_system":"epss","scoring_elements":"0.82964","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01758","scoring_system":"epss","scoring_elements":"0.82967","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01758","scoring_system":"epss","scoring_elements":"0.82968","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28476"},{"reference_url":"https://concretecms.com","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://concretecms.com"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28476","reference_id":"CVE-2023-28476","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28476"},{"reference_url":"https://github.com/advisories/GHSA-2ggc-552c-rmqr","reference_id":"GHSA-2ggc-552c-rmqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ggc-552c-rmqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65024?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8
-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28476","GHSA-2ggc-552c-rmqr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxhe-23hs-9fbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45090?format=json","vulnerability_id":"VCID-z677-bph6-eff9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nConcrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not 
sanitized.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28820","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65107","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65119","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65131","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65125","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6512","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28820"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases","reference_id":"","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/"}],"url":"https://github.com/concretecms/concretecms/releases"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R"},{"value":"2.0","scoring_
system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28820","reference_id":"CVE-2023-28820","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28820"},{"reference_url":"https://github.com/advisories/GHSA-fgxj-g7x3-85cq","reference_id":"GHSA-fgxj-g7x3-85cq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fgxj-g7x3-85cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65025?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1nx7-y5wu-33f2"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-44dx-43hk-sbaq"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-arng-9uc2-8qaj"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba8
3-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-gupx-yrqr-mkf5"},{"vulnerability":"VCID-hbnc-g326-h7hj"},{"vulnerability":"VCID-js6u-2111-r3hv"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-ka5e-6mxu-pqbp"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p432-7c1h-rbh4"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-quse-xwtq-u3fn"},{"vulnerability":"VCID-ret1-4gwa-fkde"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y3mm-x9e4-63a8"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-ybb2-9a77-puhq"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z8tm-pfx6-dyf4"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28820","GHSA-fgxj-g7x3-85cq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resourc
e_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z677-bph6-eff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110191?format=json","vulnerability_id":"VCID-z8tm-pfx6-dyf4","summary":"Concrete CMS vulnerable to Cross-site Scripting via multilingual report\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43967","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71429","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71402","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71437","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71413","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43967"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://documentation.concretecms.
org/developers/introduction/version-history/913-release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43967","reference_id":"","reference_type":"","scores":[{"val
ue":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43967"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:50:32Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://github.com/advisories/GHSA-vq39-q549-g786","reference_id":"GHSA-vq39-q549-g786","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vq39-q549-g786"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65905?format=json","purl":"pkg:composer/concrete5/concrete5@8.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-d1gx-9h4s-83
gr"},{"vulnerability":"VCID-e9xa-h65d-xfe9"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-n7h1-u4gv-cuas"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-z677-bph6-eff9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/65906?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-172w-4ffa-nbaj"},{"vulnerability":"VCID-1ptm-ydqz-gybk"},{"vulnerability":"VCID-2ayu-b9kp-ebfk"},{"vulnerability":"VCID-2ksz-92tn-wbg5"},{"vulnerability":"VCID-3ejn-3ds7-u7g8"},{"vulnerability":"VCID-3z92-cd94-cfdt"},{"vulnerability":"VCID-4e63-f1w1-rudp"},{"vulnerability":"VCID-4g38-9q14-x3fs"},{"vulnerability":"VCID-4m1m-6a9y-s3d6"},{"vulnerability":"VCID-5h8c-zdwq-nbcw"},{"vulnerability":"VCID-6qyr-cwsy-xkga"},{"vulnerability":"VCID-8amu-x7gk-47dh"},{"vulnerability":"VCID-9gz3-3k6s-kka8"},{"vulnerability":"VCID-ads8-yu64-dbgx"},{"vulnerability":"VCID-agcq-9qz7-33a8"},{"vulnerability":"VCID-av2c-h349-tkae"},{
"vulnerability":"VCID-ba83-17k3-2ugw"},{"vulnerability":"VCID-c51u-7gm8-47g5"},{"vulnerability":"VCID-cfu3-tbnu-cygs"},{"vulnerability":"VCID-d1gx-9h4s-83gr"},{"vulnerability":"VCID-ejn3-nh6a-tqad"},{"vulnerability":"VCID-evgn-we1u-r3ey"},{"vulnerability":"VCID-fm12-usyg-dbb8"},{"vulnerability":"VCID-fq4e-t1kv-67dv"},{"vulnerability":"VCID-fs9q-x8vg-2ucb"},{"vulnerability":"VCID-gf6p-42zf-j7c4"},{"vulnerability":"VCID-ghk4-hq13-a7g1"},{"vulnerability":"VCID-jzq8-d8j8-y7a9"},{"vulnerability":"VCID-kpff-cc68-rufm"},{"vulnerability":"VCID-kxrj-be1c-uube"},{"vulnerability":"VCID-m55n-jx31-g3f6"},{"vulnerability":"VCID-mpkf-qdcc-pba7"},{"vulnerability":"VCID-nsk7-qkpu-d7ab"},{"vulnerability":"VCID-p4jp-hyhv-9ba9"},{"vulnerability":"VCID-p6u3-8e7t-dybm"},{"vulnerability":"VCID-p7aa-cmqm-mffv"},{"vulnerability":"VCID-qfja-3put-jqa5"},{"vulnerability":"VCID-s9y7-gqug-wfb8"},{"vulnerability":"VCID-secg-k297-qua9"},{"vulnerability":"VCID-tsf3-f23x-uybj"},{"vulnerability":"VCID-txnd-sm12-qfdj"},{"vulnerability":"VCID-ty4u-uvks-jfgb"},{"vulnerability":"VCID-vhfu-j268-z3ac"},{"vulnerability":"VCID-vubh-brda-yfb9"},{"vulnerability":"VCID-w2an-6qk1-1qh5"},{"vulnerability":"VCID-wp1e-1tvn-4qf8"},{"vulnerability":"VCID-x7qc-tw7s-tugy"},{"vulnerability":"VCID-x9kw-h9dx-zydt"},{"vulnerability":"VCID-y442-f8dv-q7dm"},{"vulnerability":"VCID-yv8t-guxf-dyb5"},{"vulnerability":"VCID-yxhe-23hs-9fbt"},{"vulnerability":"VCID-zaeh-y1fs-2kez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43967","GHSA-vq39-q549-g786"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8tm-pfx6-dyf4"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.2.0"}