{"url":"http://public2.vulnerablecode.io/api/packages/539223?format=json","purl":"pkg:composer/concrete5/concrete5@9.0.0RC3","type":"composer","namespace":"concrete5","name":"concrete5","version":"9.0.0RC3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.4.0-RC1","latest_non_vulnerable_version":"9.4.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355650?format=json","vulnerability_id":"VCID-1zw6-abpq-aqee","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28476","reference_id":"","reference_type":"","scores":[{"value":"0.01758","scoring_system":"epss","scoring_elements":"0.83005","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28476"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28476","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28476"},{"reference_url":"https://github.com/advisories/GHSA-2ggc-552c-rmqr","reference_id":"GHSA-2ggc-552c-rmqr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2ggc-552c-rmqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"v
ulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28476","GHSA-2ggc-552c-rmqr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zw6-abpq-aqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilitie
s/64134?format=json","vulnerability_id":"VCID-2a3x-n2fy-eqce","summary":"Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3180","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3180"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:52:55Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3180","reference
_id":"CVE-2024-3180","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3180"},{"reference_url":"https://github.com/advisories/GHSA-9qhc-pg6j-wf23","reference_id":"GHSA-9qhc-pg6j-wf23","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qhc-pg6j-wf23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3180","GHSA-9qhc-pg6j-wf23"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a3x-n2fy-eqce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355682?format=json","vulnerability_id":"VCID-2fk1-gqz6-kbcy","summary":"","references":
[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28819","reference_id":"","reference_type":"","scores":[{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84047","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28819"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28819","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28819"},{"reference_url":"https://github.com/advisories/GHSA-474f-mcjv-pgrm","reference_id":"GHSA-474f-mcjv-pgrm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-474f-mcjv-pgrm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379545?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"v
ulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"v
ulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28819","GHSA-474f-mcjv-pgrm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fk1-gqz6-kbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54105?format=json","vulnerability_id":"VCID-2x2h-cef1-yfee","summary":"Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. 
The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1245","reference_id":"","reference_type":"","scores":[{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68547","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1245"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory","reference_id":"2024-02-04-security-advisory","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:13:24Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes","reference_id":"925-release-notes","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvss
v3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:13:24Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1245","reference_id":"CVE-2024-1245","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1245"},{"reference_url":"https://github.com/advisories/GHSA-mgp6-j658-vcw9","reference_id":"GHSA-mgp6-j658-vcw9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mgp6-j658-vcw9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28873?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},
{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5"}],"aliases":["CVE-2024-1245","GHSA-mgp6-j658-vcw9"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2x2h-cef1-yfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64296?format=json","vulnerability_id":"VCID-3514-7uhf-pufd","summary":"Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. 
The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3178","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3178"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11988","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_t
extual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11988"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11989","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11989"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","s
coring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:59:20Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3178","reference_id":"CVE-2024-3178","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3178"},{"reference_url":"https://github.com/advisories/GHSA-xwrh-qxmc-x8c8","reference_id":"GHSA-xwrh-qxmc-x8c8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwrh-qxmc-x8c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/
concrete5@9.2.8"}],"aliases":["CVE-2024-3178","GHSA-xwrh-qxmc-x8c8"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3514-7uhf-pufd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208121?format=json","vulnerability_id":"VCID-45c5-bada-byca","summary":"Cross Site Request Forgery in concrete5/concrete5","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22954","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35164","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22954"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22954","reference_id":"CVE-2021-22954","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22954"},{"reference_url":"https://github.com/advisories/GHSA-gr23-g276-xc73","reference_id":"GHSA-gr23-g276-xc73","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gr23-g276-xc73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19309?format=json","purl":"pkg:composer/concrete5/concrete5@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2fk1-gqz6-kbcy"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4
h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-e9xf-aufp-7ffa"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbqg-vpwf-rkfr"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-t
zyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.0.0"}],"aliases":["CVE-2021-22954","GHSA-gr23-g276-xc73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45c5-bada-byca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63186?format=json","vulnerability_id":"VCID-542x-fkyy-sfcp","summary":"Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings screen, which might be executed when users visit the affected page. 
The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator   \n\nThank you Rikuto Tauchi for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2753","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48202","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2753"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wL
jA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:53:05Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2753","reference_id":"CVE-2024-2753","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2753"},{"reference_url":"https://github.com/advisories/GHSA-pj42-r64f-4xfq","reference_id":"GHSA-pj42-r64f-4xfq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj42-r64f-4xfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-2753","GHSA-pj42-r64f-4xfq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-542x-fkyy-sfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134496?format=json","vulnerability_id":"VCID-69vg-twmj-jfb2","summary":"Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container 
name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28471","reference_id":"","reference_type":"","scores":[{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83763","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28471"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28471","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28471"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://concretecms.com","reference_id":"concretecms.com","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":
"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:13Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-9h33-5fxw-r2xv","reference_id":"GHSA-9h33-5fxw-r2xv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9h33-5fxw-r2xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-
spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28471","GHSA-9h33-5fxw-r2xv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69vg-twmj-jfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/120419?format=json","vulnerability_id":"VCID-7mj3-9jvf-vudw","summary":"Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. 
Thanks, Alfin Joseph for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0660","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43779","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0660"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0660","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0660"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12454","reference_id":"12454","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12454"},{"reference_url":"https://github.com/concretecms/bedrock/pull/370","reference_id":"370","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A
:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://github.com/concretecms/bedrock/pull/370"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes","reference_id":"940-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:38:19Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"},{"reference_url":"https://github.com/advisories/GHSA-pvmx-mjmh-jfcx","reference_id":"GHSA-pvmx-mjmh-jfcx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pvmx-mjmh-jfcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/785786?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/377800?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0-RC1"}],"aliases":["CVE-2025-0660","GHSA-pvmx-mjmh-jfcx"],"risk_score":null,"exploitability":null,"weig
hted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mj3-9jvf-vudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356848?format=json","vulnerability_id":"VCID-7whk-wmkw-vuec","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50709","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44763"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44763"},{"reference_url":"https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763"},{"reference_url":"https://github.com/advisories/GHSA-wrp2-6v6j-hfmg","reference_id":"GHSA-wrp2-6v6j-hfmg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wrp2-6v6j-hfmg"}],"fixed_packages":[],"aliases":["CVE-2023-44763","GHSA-wrp2-6v6j-hfmg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7whk-wmkw-vuec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63538?format=json","vulnerability_id":"VCID-8war-c3pp-kuf5","summary":"Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator-provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. Concrete versions below 9 do not include group types, so they are not affected by this vulnerability. 
Thanks Luca Fuda for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2179","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3095","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2179"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/ac1ec9b069acac79869b2988e1f56cc5565a3dd4"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes","reference_id":"927-release-notes","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:22:19Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2179","reference_id":"CVE-2024-2179","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"gener
ic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2179"},{"reference_url":"https://github.com/advisories/GHSA-4m7h-34xm-4wjv","reference_id":"GHSA-4m7h-34xm-4wjv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4m7h-34xm-4wjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29537?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.7"}],"aliases":["CVE-2024-2179","GHSA-4m7h-34xm-4wjv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8war-c3pp-kuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64388?format=json","vulnerability_id":"VCID-9j62-yk3f-bfgk","summary":"Concrete CMS 
version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3181","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3181"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/e85ef2408a5ee
a7d5646178fbef0ab243baaed8f"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:34:26Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3181","reference_id":"CVE-2024-3181","reference_type":"","scores":[{"value":"3.
1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3181"},{"reference_url":"https://github.com/advisories/GHSA-qgm9-rxmq-jxmq","reference_id":"GHSA-qgm9-rxmq-jxmq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgm9-rxmq-jxmq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3181","GHSA-qgm9-rxmq-jxmq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j62-yk3f-bfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45843?format=json","vulnerability_id":"VCID-9z1s-b811-3ug2","summary":"Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS 
vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7512","reference_id":"","reference_type":"","scores":[{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78561","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7512"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://hackerone.com/reports/2486344","reference_id":"2486344","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/
P:M/B:A/M:M/D:T/2024-08-09T13:49:33Z/"}],"url":"https://hackerone.com/reports/2486344"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041","reference_id":"933-release-notes?pk_vid=e367a434ef4830491723055753d52041","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T13:49:33Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7512","reference_id":"CVE-2024-7512","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7512"},{"reference_url":"https://github.com/advisories/GHSA-c47w-9mcf-w972","reference_id":"GHSA-c47w-9mcf-w972","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://gith
ub.com/advisories/GHSA-c47w-9mcf-w972"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32957?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3"}],"aliases":["CVE-2024-7512","GHSA-c47w-9mcf-w972"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9z1s-b811-3ug2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356850?format=json","vulnerability_id":"VCID-acs4-8efj-jqa5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44765","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44765"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11
746","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746/commits/0f0564232e0a49719d0bdff6223539b624f116ee"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11746/commits/92bcc208078571f4beda38cb0952f8e99887737a"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44765","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-447
65"},{"reference_url":"https://github.com/advisories/GHSA-6xx7-r8x4-fpjp","reference_id":"GHSA-6xx7-r8x4-fpjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6xx7-r8x4-fpjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379110?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-44765","GHSA-6xx7-r8x4-fpjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://publi
c2.vulnerablecode.io/vulnerabilities/VCID-acs4-8efj-jqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356849?format=json","vulnerability_id":"VCID-afq8-b83x-ckfn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44764","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43982","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44764"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44764","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44764"},{"reference_url":"https://github.com/advisories/GHSA-j6h5-ggv2-3rfv","reference_id":"GHSA-j6h5-ggv2-3rfv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j6h5-ggv2-3rfv"}],"fixed_packages":[],"aliases":["CVE-2023-44764","GHSA-j6h5-ggv2-3rfv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerableco
de.io/vulnerabilities/VCID-afq8-b83x-ckfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355651?format=json","vulnerability_id":"VCID-bbxq-cdbp-vucg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28477","reference_id":"","reference_type":"","scores":[{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84219","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28477"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/546cef6ec29208d5c079113635cd6e6b250e9f7c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28477","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28477"},{"reference_url":"https://github.com/advisories/GHSA-xfmj-r86m-j2hr","reference_id":"GHSA-xfmj-r86m-j2hr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xfmj-r86m-j2hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable
":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28477","GHSA-xfmj-r86m-j2hr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://pu
blic2.vulnerablecode.io/vulnerabilities/VCID-bbxq-cdbp-vucg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355648?format=json","vulnerability_id":"VCID-cyhv-k8b7-u3dc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28472","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64452","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28472"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28472","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28472"},{"reference_url":
"https://github.com/advisories/GHSA-f55r-8rcv-mqcf","reference_id":"GHSA-f55r-8rcv-mqcf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f55r-8rcv-mqcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4
-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28472","GHSA-f55r-8rcv-mqcf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyhv-k8b7-u3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357423?format=json","vulnerability_id":"VCID-d263-cpsv-fkeg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48652","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5668","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48652"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48652","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48652"},{"reference_url":"https://github.com/advisories/GHSA-qp42-5pj7-4ccm","reference_id":"GHSA-qp42-5pj7-4ccm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qp42-5pj7-4ccm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29435?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"
VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.3"}],"aliases":["CVE-2023-48652","GHSA-qp42-5pj7-4ccm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d263-cpsv-fkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85463?format=json","vulnerability_id":"VCID-d4bd-m93f-aqf2","summary":"In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block.  The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N.  
Thanks M3dium for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3242","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3242"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:42:24Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3242","reference_id":"CVE-2026-3242","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3242"},{"reference_url":"https://github.com/advisories/GHSA-w9qg-chfh-g3q9","reference_id":"GHSA-w9qg-chfh-g3q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9qg-chfh-g3q9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3242","GHSA-w9qg-chfh-g3q9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4bd-m93f-aqf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92329?format=json","vulnerability_id":"VCID-dx1t-b982-5ucd","summary":"Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. 
The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks  Fortbridge https://fortbridge.co.uk/  for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8571","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49646","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8571"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/4b39dcc17c309dc82eb8398e8cdb146942f62f92"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8571","reference_id":"","re
ference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8571"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes","reference_id":"8521-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes","reference_id":"943-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"},{"reference_url":"https://www.concretecms.org/download","reference_id":"download","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T16:14:47Z/"}],"url":"https://www.concretecms.org/downl
oad"},{"reference_url":"https://github.com/advisories/GHSA-4pcg-pjp5-3mc6","reference_id":"GHSA-4pcg-pjp5-3mc6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4pcg-pjp5-3mc6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377524?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3"}],"aliases":["CVE-2025-8571","GHSA-4pcg-pjp5-3mc6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1t-b982-5ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134002?format=json","vulnerability_id":"VCID-e9xf-aufp-7ffa","summary":"Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password 
resets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28821","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51216","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28821"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28821","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28821"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-ph6g-6v8w-8p6m","reference_id":"GHSA-ph6g-6v8w-8p6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ph6g-6v8w-8p6m"},{"reference_url":"https://github.com/concretecms/concretecms/releases","reference_id":"releases","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N"},{"value":"MODERATE","scoring_system":"generi
c_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:43Z/"}],"url":"https://github.com/concretecms/concretecms/releases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379545?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31c
x-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28821","GHSA-ph6g-6v8w-8p6m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9xf-aufp-7ffa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66432?format=json","vulnerability_id":"VCID-g134-5qhy-mudn","summary":"ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads the entire content of every selected file into PHP memory. 
An authenticated attacker can exploit this by requesting a bulk download of large files, triggering an Out-Of-Memory (OOM) condition that causes the PHP-FPM process to terminate (SIGSEGV) and the web server to return a 500 error.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30662","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18751","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30662"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30662","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30662"},{"reference_url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS"},{"reference_url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/","reference_id":"CVE-Report-ConcreteCMS-DoS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M
/B:A/M:M/D:T/2026-03-24T18:49:15Z/"}],"url":"https://wang1rrr.github.io/2026/02/11/CVE-Report-ConcreteCMS-DoS/"},{"reference_url":"https://github.com/advisories/GHSA-p68c-rmfh-j48h","reference_id":"GHSA-p68c-rmfh-j48h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p68c-rmfh-j48h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-30662","GHSA-p68c-rmfh-j48h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g134-5qhy-mudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356847?format=json","vulnerability_id":"VCID-gg3x-yz6u-nygp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44761","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44761"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms"},{"reference_u
rl":"https://nvd.nist.gov/vuln/detail/CVE-2023-44761","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44761"},{"reference_url":"https://github.com/advisories/GHSA-p4jj-gwpg-9jwh","reference_id":"GHSA-p4jj-gwpg-9jwh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p4jj-gwpg-9jwh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379110?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID
-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.2"}],"aliases":["CVE-2023-44761","GHSA-p4jj-gwpg-9jwh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg3x-yz6u-nygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211547?format=json","vulnerability_id":"VCID-j9t7-y29v-6bb7","summary":"Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks","references":[{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46464","reference_id":"CVE-2022-46464","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46464"},{"reference_url":"https://github.com/advisories/GHSA-7vx2-5349-qj99","reference_id":"GHSA-7vx2-5349-qj99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elemen
ts":""}],"url":"https://github.com/advisories/GHSA-7vx2-5349-qj99"}],"fixed_packages":[],"aliases":["CVE-2022-46464","GHSA-7vx2-5349-qj99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9t7-y29v-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134512?format=json","vulnerability_id":"VCID-m9p2-uh8x-zuh8","summary":"Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28474","reference_id":"","reference_type":"","scores":[{"value":"0.01927","scoring_system":"epss","scoring_elements":"0.83763","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28474"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28474","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28474"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_id":"2023-12-05-concrete-cms-new-cves-and-cve-updates","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","sco
ring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"},{"reference_url":"https://concretecms.com","reference_id":"concretecms.com","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:30:45Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-2j26-j953-2rph","reference_id":"GHSA-2j26-j953-2rph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2j26-j953-2rph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vuln
erability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28474","GHSA-2j26-j953-2rph"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9p2-uh8x-zuh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163150?format=json","vulnerability_id":"VCID-mjce-crza-h7d4","summary":"Concrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the 
box\" core OAuth.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43693","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.629","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43693"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/releases/8.5.10","reference_id":"8.5.10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://github.com/concretecms/concretecms/releases/8.5.10"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes","reference_id":"8510-release-notes","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"},{"reference_url":"https://github.com/concretecms/concretecms/releases/9.1.3","reference_id":"9.1.3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:
H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://github.com/concretecms/concretecms/releases/9.1.3"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes","reference_id":"913-release-notes","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31","reference_id":"concrete-cms-security-advisory-2022-10-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:08:21Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43693","reference_id":"CVE-2022-43693","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43693"},{"reference_url":"https://github.com/advisories/GHSA-w8fp-3gwq-gxpw","reference_id":"GHSA-w8fp-3gwq-gxpw","reference_type":"","scores":[{"value":"H
IGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8fp-3gwq-gxpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27858?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-s6vy-zjm8-n7bc"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnera
bility":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.3"}],"aliases":["CVE-2022-43693","GHSA-w8fp-3gwq-gxpw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjce-crza-h7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131448?format=json","vulnerability_id":"VCID-n6yd-31cx-zqh2","summary":"A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - 
Tags.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44762","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44645","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44762"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44762","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44762"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags","reference_id":"ConcreteCMS-Reflected-XSS---Tags","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T16:28:16Z/"}],"url":"https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags"},{"reference_url":"https://github.com/advisories/GHSA-6fm3-r6mf-j875","reference_id":"GHSA-6fm3-r6mf-j875","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6fm3-r6mf-j875"}],"fixed_packages":[],"aliases":["CVE-2023-44762","GHSA-6fm3-r6mf-j875"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6yd-31cx-zqh2"},{"url":"htt
p://public2.vulnerablecode.io/api/vulnerabilities/85790?format=json","vulnerability_id":"VCID-nahk-p3f1-8bee","summary":"In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the \"Legacy Form\" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question (Checkbox List, Radio Buttons, or Select Box). This payload is then executed in the browser of any user who views the page containing the form. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0123","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3241"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track
","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:41:54Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3241","reference_id":"CVE-2026-3241","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3241"},{"reference_url":"https://github.com/advisories/GHSA-f4vq-pj32-gr4q","reference_id":"GHSA-f4vq-pj32-gr4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4vq-pj32-gr4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3241","GHSA-f4vq-
pj32-gr4q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nahk-p3f1-8bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134349?format=json","vulnerability_id":"VCID-pbqg-vpwf-rkfr","summary":"Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28820","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65181","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28820"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28820","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28820"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_sy
stem":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-fgxj-g7x3-85cq","reference_id":"GHSA-fgxj-g7x3-85cq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fgxj-g7x3-85cq"},{"reference_url":"https://github.com/concretecms/concretecms/releases","reference_id":"releases","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:R"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:09:20Z/"}],"url":"https://github.com/concretecms/concretecms/releases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379545?format=json","purl":"pkg:composer/concrete5/concrete5@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zw6-abpq-aqee"},{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-4h16-ay16-qkcs"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-56qq-9y15-nkb7"},{"vulnerability":"VCID-683x-bjfm-j3hh"},{"vulnerability":"VCID-69vg-twmj-jfb2"},{"vulnerability":"VCID-71ae-y44g-kbbw"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9kyu-9sz6-1bea"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-bbxq-cdbp-vucg"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerab
ility":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-cyhv-k8b7-u3dc"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-g3pw-h46n-fyac"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-h56x-jv8r-a3aq"},{"vulnerability":"VCID-h67e-b4s5-guac"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-he4r-v9gv-tkdh"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-j9t7-y29v-6bb7"},{"vulnerability":"VCID-m9p2-uh8x-zuh8"},{"vulnerability":"VCID-mjce-crza-h7d4"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pbwe-39av-sydg"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-pt73-zjft-syhk"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-xfwe-ku14-gfe7"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"},{"vulnerability":"VCID-yjan-urxm-g3a4"},{"vulnerability":"VCID-yu9q-pa9p-huck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.1.0"}],"aliases":["CVE-2023-28820","GHSA-fgxj-g7x3-85cq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vu
lnerablecode.io/vulnerabilities/VCID-pbqg-vpwf-rkfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54443?format=json","vulnerability_id":"VCID-pd9w-6ke4-13hr","summary":"Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1247","reference_id":"","reference_type":"","scores":[{"value":"0.08195","scoring_system":"epss","scoring_elements":"0.92392","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1247"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory","reference_id":"2024-02-04-security-advisory"
,"reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:30:29Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes","reference_id":"925-release-notes","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:30:29Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1247","reference_id":"CVE-2024-1247","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1247"},{"reference_url":"https://github.com/advisories/GHSA-q25h-jch8-gfrp","reference_id":"GHSA-q25h-jch8-gfrp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q25h-jch8-gfrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28873?format=json","purl":"pkg:composer/concrete5/con
crete5@9.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5"}],"aliases":["CVE-2024-1247","GHSA-q25h-jch8-gfrp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pd9w-6ke4-13hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85949?format=json","vulnerability_id":"VCID-qndd-2vmq-guen","summary":"In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. 
The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3240","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3240"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:32:45Z/"}],"url":"https://documentation.concretecms.org/9-x/develo
pers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3240","reference_id":"CVE-2026-3240","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3240"},{"reference_url":"https://github.com/advisories/GHSA-45fj-fvmm-xcc5","reference_id":"GHSA-45fj-fvmm-xcc5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45fj-fvmm-xcc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3240","GHSA-45fj-fvmm-xcc5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qndd-2vmq-guen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64702?format=json","vulnerability_id":"VCID-rgjf-p329-vbf8","summary":"Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . 
Thanks Alexey Solovyev for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3179","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3179"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11988","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11988"},{"reference_url":"https://github.com/concretecms/concret
ecms/pull/11989","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11989"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_id":"8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_id":"928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T20:02:16Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/
version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3179","reference_id":"CVE-2024-3179","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3179"},{"reference_url":"https://github.com/advisories/GHSA-r7q4-cw9r-vhp4","reference_id":"GHSA-r7q4-cw9r-vhp4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q4-cw9r-vhp4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30163?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8"}],"aliases":["CVE-2024-3179","GHSA-r7q4-cw9r-vhp4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgjf-p329-vbf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85813?format=json","vulnerability_id":"VCID-rkx3-e4r3-c3gh","summary":"Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to unserialize() without class restrictions or integrity checks. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.9 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. Thanks YJK ( @YJK0805 https://hackerone.com/yjk0805 ) of  ZUSO ART https://zuso.ai/  for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3452","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3452"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920"},{"reference_url":"https:
//github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://","reference_id":"167f16e4805d8ab546d2997c753ac21bf4854920:","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826/changes/167f16e4805d8ab546d2997c753ac21bf4854920://"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:02:03Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3452","reference_id":"CVE-2026-3452","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3452"},{"reference_url":"https://github.com/advisories/GHSA-gj26-w59c-29mf","reference_id":"GHSA-gj26-w59c-29mf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj26-w59c-29mf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulner
abilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3452","GHSA-gj26-w59c-29mf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx3-e4r3-c3gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356846?format=json","vulnerability_id":"VCID-tgvt-rgwm-d7de","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44760","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44760"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes"},{"reference_url":"https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1"},{"reference_url":"https://nvd.nist.gov/vul
n/detail/CVE-2023-44760","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44760"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766"},{"reference_url":"https://github.com/advisories/GHSA-4qv6-37xq-mgq2","reference_id":"GHSA-4qv6-37xq-mgq2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4qv6-37xq-mgq2"}],"fixed_packages":[],"aliases":["CVE-2023-44760","GHSA-4qv6-37xq-mgq2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgvt-rgwm-d7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126308?format=json","vulnerability_id":"VCID-tt5n-k5h8-xufp","summary":"","references":[{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/con
cretecms/concretecms"},{"reference_url":"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2967","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2967"},{"reference_url":"https://vuldb.com/?ctiid.302019","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?ctiid.302019"},{"reference_url":"https://vuldb.com/?id.302019","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elem
ents":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?id.302019"},{"reference_url":"https://vuldb.com/?submit.522417","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?submit.522417"},{"reference_url":"https://github.com/advisories/GHSA-xfqf-5rhg-5c73","reference_id":"GHSA-xfqf-5rhg-5c73","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xfqf-5rhg-5c73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/785786?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.0RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.0RC1"}],"aliases":["CVE-2025-2967","GHSA-xfqf-5rhg-5c73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_
url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt5n-k5h8-xufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85311?format=json","vulnerability_id":"VCID-v39f-kpce-2qhz","summary":"In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page names that executes when users search for and view those pages in search results. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks zolpak for reporting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3244","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3244"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_url":"https://document
ation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:50:43Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3244","reference_id":"CVE-2026-3244","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3244"},{"reference_url":"https://github.com/advisories/GHSA-mm5f-5rqw-574f","reference_id":"GHSA-mm5f-5rqw-574f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm5f-5rqw-574f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-3244","GHSA-mm5f-5rqw-574f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v39f-kpce-2qhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356851?format=json","vulnerability_id":"VCID-vbae-fwnr-zff5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44766","reference_id":"","reference_type":""
,"scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40606","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44766"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44766"},{"reference_url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766"},{"reference_url":"https://github.com/advisories/GHSA-437p-jfm4-2387","reference_id":"GHSA-437p-jfm4-2387","reference_type":"","scores":[],"url":"https://github.com/advisories/GHS
A-437p-jfm4-2387"}],"fixed_packages":[],"aliases":["CVE-2023-44766","GHSA-437p-jfm4-2387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbae-fwnr-zff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84946?format=json","vulnerability_id":"VCID-vdtu-qtuw-v3fs","summary":"Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group_id parameter which can lead to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks z3rco for reporting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2994","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01454","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2994"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12826"},{"reference_u
rl":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes","reference_id":"948-release-notes","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T15:04:57Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/948-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2994","reference_id":"CVE-2026-2994","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2994"},{"reference_url":"https://github.com/advisories/GHSA-6mxw-2vhf-42g5","reference_id":"GHSA-6mxw-2vhf-42g5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mxw-2vhf-42g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40145?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.8"}],"aliases":["CVE-2026-2994","GHSA-6mxw-2vhf-42g5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdtu-qtuw-v3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53916?format=json","vulnerability_id":"VCID-w8rd-ssb2-pkgx","summary":"Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to 
insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1246","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62662","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1246"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory","reference_id":"2024-02-04-security-advisory","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSV
Cv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:14:59Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes","reference_id":"925-release-notes","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:14:59Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1246","reference_id":"CVE-2024-1246","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1246"},{"reference_url":"https://github.com/advisories/GHSA-9v3w-cj7m-qh5g","reference_id":"GHSA-9v3w-cj7m-qh5g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9v3w-cj7m-qh5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28873?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},
{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5"}],"aliases":["CVE-2024-1246","GHSA-9v3w-cj7m-qh5g"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8rd-ssb2-pkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47505?format=json","vulnerability_id":"VCID-wau6-kvqa-pbgu","summary":"Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector   https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. 
(CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4350","reference_id":"","reference_type":"","scores":[{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77756","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4350"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/55e485e06b0b3342613a55af6a7c61d939d2ccb5"},{"reference_url":"https://github.com/concretecms/concretecms/pull/12166","reference_id":"12166","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scorin
g_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://github.com/concretecms/concretecms/pull/12166"},{"reference_url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_id":"8518-release-notes?pk_vid=e367a434ef4830491723055758d52041","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041","reference_id":"933-release-notes?pk_vid=e367a434ef4830491723060415d52041","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041"},{"reference_url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06","reference_id":"c08d9671cec4e7afdabb547339c4bc0bed8eab06","re
ference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:51:55Z/"}],"url":"https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4350","reference_id":"CVE-2024-4350","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4350"},{"reference_url":"https://github.com/advisories/GHSA-q5wx-m95r-4cgc","reference_id":"GHSA-q5wx-m95r-4cgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5wx-m95r-4cgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32957?format=json","purl":"pkg:composer/concrete5/concrete5@9.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tt5n-k5h8-xuf
p"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-x48e-w1z4-57ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.3.3"}],"aliases":["CVE-2024-4350","GHSA-q5wx-m95r-4cgc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wau6-kvqa-pbgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92809?format=json","vulnerability_id":"VCID-x48e-w1z4-57ab","summary":"Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev  (Noah Cooper) for reporting via 
HackerOne.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8573","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59062","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8573"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/9.4.3","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/9.4.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8573","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8573"},{"reference_url":"https://documentation.concretecms.org/9-x/developers/introduction/ve
rsion-history/943-release-notes","reference_id":"943-release-notes","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T14:08:41Z/"}],"url":"https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52428.txt","reference_id":"CVE-2025-8573","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52428.txt"},{"reference_url":"https://www.concretecms.org/download","reference_id":"download","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T14:08:41Z/"}],"url":"https://www.concretecms.org/download"},{"reference_url":"https://github.com/advisories/GHSA-c5xf-rmv4-j85h","reference_id":"GHSA-c5xf-rmv4-j85h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c5xf-rmv4-j85h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377524?format=json","purl":"pkg:composer/concrete5/concrete5@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-g134
-5qhy-mudn"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.4.3"}],"aliases":["CVE-2025-8573","GHSA-c5xf-rmv4-j85h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x48e-w1z4-57ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134414?format=json","vulnerability_id":"VCID-yjan-urxm-g3a4","summary":"Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 are vulnerable to possible Auth bypass in the jobs section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28473","reference_id":"","reference_type":"","scores":[{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73386","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28473"},{"reference_url":"https://github.com/concretecms/concretecms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms"},{"reference_url":"https://github.com/concretecms/concretecms/pull/11749","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/pull/11749"},{"reference_url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1",
"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/releases/tag/8.5.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28473","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28473"},{"reference_url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release","reference_id":"2023-11-09-security-blog-about-updated-cves-and-new-release","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"},{"reference_url":"https://concretecms.com","reference_id":"concretecms.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://concretecms.com"},{"reference_url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20","reference_id":"concrete-cms-security-advisory-2023-04-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N
/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:41:07Z/"}],"url":"https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"},{"reference_url":"https://github.com/advisories/GHSA-pj76-75cm-3552","reference_id":"GHSA-pj76-75cm-3552","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pj76-75cm-3552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vul
nerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28473","GHSA-pj76-75cm-3552"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjan-urxm-g3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355649?format=json","vulnerability_id":"VCID-yu9q-pa9p-huck","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28475","reference_id":"","reference_type":"","scores":[{"value":"0.02087","scoring_system":"epss","scoring_elements":"0.84375","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28475"},{"reference_url":"https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/concretecms/concretecms/commit/861ba66d248165c9ee9d6d11a0457908b97d68f0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28475","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28475"},{"refere
nce_url":"https://github.com/advisories/GHSA-vcpr-hm2m-gjjj","reference_id":"GHSA-vcpr-hm2m-gjjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vcpr-hm2m-gjjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379355?format=json","purl":"pkg:composer/concrete5/concrete5@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a3x-n2fy-eqce"},{"vulnerability":"VCID-2x2h-cef1-yfee"},{"vulnerability":"VCID-3514-7uhf-pufd"},{"vulnerability":"VCID-542x-fkyy-sfcp"},{"vulnerability":"VCID-7mj3-9jvf-vudw"},{"vulnerability":"VCID-7whk-wmkw-vuec"},{"vulnerability":"VCID-8war-c3pp-kuf5"},{"vulnerability":"VCID-9j62-yk3f-bfgk"},{"vulnerability":"VCID-9z1s-b811-3ug2"},{"vulnerability":"VCID-acs4-8efj-jqa5"},{"vulnerability":"VCID-afq8-b83x-ckfn"},{"vulnerability":"VCID-c2xh-rq7d-wqey"},{"vulnerability":"VCID-chav-mybs-syd2"},{"vulnerability":"VCID-d263-cpsv-fkeg"},{"vulnerability":"VCID-d4bd-m93f-aqf2"},{"vulnerability":"VCID-dgf1-ded8-4uef"},{"vulnerability":"VCID-dx1t-b982-5ucd"},{"vulnerability":"VCID-eyep-q35n-ebcv"},{"vulnerability":"VCID-fvdb-zeth-8qh7"},{"vulnerability":"VCID-g134-5qhy-mudn"},{"vulnerability":"VCID-gg3x-yz6u-nygp"},{"vulnerability":"VCID-hdw7-spv5-k3c6"},{"vulnerability":"VCID-htqe-191f-1yab"},{"vulnerability":"VCID-n6yd-31cx-zqh2"},{"vulnerability":"VCID-nahk-p3f1-8bee"},{"vulnerability":"VCID-nuz6-12nr-2yga"},{"vulnerability":"VCID-pd9w-6ke4-13hr"},{"vulnerability":"VCID-pgfy-52ca-wbbf"},{"vulnerability":"VCID-qndd-2vmq-guen"},{"vulnerability":"VCID-rgjf-p329-vbf8"},{"vulnerability":"VCID-rkx3-e4r3-c3gh"},{"vulnerability":"VCID-tgvt-rgwm-d7de"},{"vulnerability":"VCID-tt5n-k5h8-xufp"},{"vulnerability":"VCID-ty11-5ff4-s7av"},{"vulnerability":"VCID-tzyh-y7uc-hff9"},{"vulnerability":"VCID-v39f-kpce-2qhz"},{"vulnerability":"VCID-vbae-fwnr-zff5"},{"vulnerability":"VCID-vdtu-qtuw-v3fs"},{"vulnerability":"VCID-w8rd-ssb2-pkgx"},{"vulnerability":"VCID-wau6-kvqa-pbgu"},{"vulnerability":"
VCID-wqt4-uc3s-zbdn"},{"vulnerability":"VCID-x48e-w1z4-57ab"},{"vulnerability":"VCID-yc8g-gqaj-8ycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.0"}],"aliases":["CVE-2023-28475","GHSA-vcpr-hm2m-gjjj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu9q-pa9p-huck"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.0.0RC3"}