Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist concrete5/concrete5 Security Advisories

Loading...
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zcnh4LThmMzMtN3A2cM4AA5nJ
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14NTc3LWdjYzktOXhqas4AA5mn
Concrete CMS Stored XSS in Layout Preset Name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xcDQyLTVwajctNGNjbc4AA4Bf
Concrete CMS Cross Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-
Concrete CMS allows unauthorized access because directories can be created with insecure permissions
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00cXY2LTM3eHEtbWdxMs4AA2oD
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13cnAyLTZ2NmotaGZtZ84AA2Uj
ConcreteCMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00MzdwLWpmbTQtMjM4N84AA2RU
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02Zm0zLXI2bWYtajg3Nc4AA2RQ
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02eHg3LXI4eDQtZnBqcM4AA2RS
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1qNmg1LWdndjItM3Jmds4AA2RP
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1wNGpqLWd3cGctOWp3aM4AA2RR
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04Njk5LWg0NWctN2htOM4AA0SM
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS14Zm1qLXI4Nm0tajJocs4AAzA5
Stored cross site scripting on API integration
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1waDZnLTZ2OHctOHA2bc4AAzA7
Missing rate limit for password resets
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mZ3hqLWc3eDMtODVjcc4AAzA6
Stored cross site scripting in RSS displayer
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yZ2djLTU1MmMtcm1xcs4AAzA2
Stored cross site scripting on tags
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yajI2LWo5NTMtMnJwaM4AAzAz
Stored cross site scripting on saved presets
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12Y3ByLWhtMm0tZ2pqas4AAzA3
Reflected cross site scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wajc2LTc1Y20tMzU1Ms4AAzA1
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05aDMzLTVmeHctcjJ4ds4AAzAx
Stored cross site scripting via container name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mNTVyLThyY3YtbXFjZs4AAzA0
Concrete CMS missing secure cookie parameters
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14ajMzLThyNDMtcjIyN84AAwKC
Concrete CMS vulnerable to cross-site scripting in the text input field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qZm1jLTM5NzUtZnY1Zs4AAv3T
Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yZzZ3LWMzNTItcDhwZ84AAv4o
Concrete CMS vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05amM1LTl3aDUtbWMzNs4AAv4G
Concrete CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tNTN2LTV4NXgtNW0ycM4AAv4I
Concrete CMS vulnerable to Session Fixation
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zY3h4LTNmNTMtbTkyY84AAv4m
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cTM5LXE1NDktZzc4Ns4AAv4Z
Concrete CMS vulnerable to Cross-site Scripting via multilingual report
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04NzgyLXhnaDUtcjdtds4AAv4i
Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xM2hxLWhtNWgtcXJ4M84AAv4M
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNDhyLXhnOWgtNzhtOM4AAv4a
Concrete CMS vulnerable to XML External Entity
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNTZyLW13MzktOTQ0Z84AAv4B
Concrete CMS vulnerable to Improper Authentication
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS13OGZwLTNnd3EtZ3hwd84AAv2t
Concrete CMS vulnerable to Cross-site Request Forgery
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03Mzg4LTd2cTItbTRmNM4AAn3p
Concrete CMS Cross-site Scripting via Survey Blocks
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ybXZnLWM2bWctM3E2M83vUA
Concrete CMS vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ncjIzLWcyNzYteGM3M80q0w
Cross Site Request Forgery in concrete5/concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0Z20tcHhoMy0yOWZx
Unrestricted Uploads in Concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oZjlwLTlyMzktcjJoM80Wzw
Unrestricted Uploads in Concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yODRmLWYyaHctajJneM0WYw
Server-Side Request Forgery vulnerability in concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Statistics
Advisories: 19,336
Packages: 8,539
Repositories: 11
Ecosystems: 12
Filter by Package
moodle/moodle 342 magento/community-edition 204 typo3/cms 174 pimcore/pimcore 117 dolibarr/dolibarr 111 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 83 drupal/drupal 76 thorsten/phpmyfaq 70 symfony/symfony 64 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 39 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 zendframework/zendframework1 34 snipe/snipe-it 33 shopware/shopware 31 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 mediawiki/core 24 magento/core 24 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 francoisjacquet/rosariosis 17 symfony/security 17 genix/cms 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 topthink/framework 17 yetiforce/yetiforce-crm 16 ec-cube/ec-cube 15 smarty/smarty 15 openmage/magento-lts 15 phpmailer/phpmailer 14 typo3/cms-backend 14 silverstripe/cms 14 symfony/security-http 14 lavalite/cms 13 october/system 13 elefant/cms 13 bolt/bolt 13 impresscms/impresscms 13 codeigniter4/framework 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 symfony/http-foundation 11 tinymce 11 TinyMCE 11 tinymce/tinymce 11 ezsystems/ezplatform-kernel 11 feehi/feehicms 11 feehi/cms 11 wwbn/avideo 11 pimcore/admin-ui-classic-bundle 11 sylius/sylius 11 yiisoft/yii2 10 ezsystems/ezpublish-legacy 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 admidio/admidio 10 opencart/opencart 10 october/october 9 funadmin/funadmin 9 concrete5/core 9 ssddanbrown/bookstack 9 kevinpapst/kimai2 9 contao/core 9 alextselegidis/easyappointments 9 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 statamic/cms 8 sulu/sulu 8 facturascripts/facturascripts 8 october/cms 8 composer/composer 8 silverstripe/graphql 8 croogo/croogo 8 silverstripe/admin 8 codiad/codiad 8 ezsystems/ezplatform-admin-ui 7 pterodactyl/panel 7 passbolt/passbolt_api 7 mantisbt/mantisbt 7 flarum/core 7 symfony/http-kernel 7 wpglobus/wpglobus 7 october/backend 7 guzzlehttp/guzzle 6 in2code/femanager 6 backdrop/backdrop 6 yourls/yourls 6 oro/platform 6 nystudio107/craft-seomatic 6 gleez/cms 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 vrana/adminer 6 bagisto/bagisto 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/security-core 5 neos/neos 5 neos/flow 5 elgg/elgg 5 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 illuminate/database 5 automad/automad 5 woocommerce/woocommerce 5 silverstripe/assets 5 simplesamlphp/saml2 5 typo3/cms-install 5 phpservermon/phpservermon 5 bottelet/flarepoint 5 pear/archive_tar 5 typo3/flow 5 codeigniter/framework 5 cachethq/cachet 5 anchorcms/anchor-cms 5 billz/raspap-webgui 5 gugoan/economizzer 5 thinkcmf/thinkcmf 5 twig/twig 5 ibexa/core 5 wp-premium/gravityforms 4 notrinos/notrinos-erp 4 magento/product-community-edition 4 appwrite/server-ce 4 evolutioncms/evolution 4 sylius/resource-bundle 4 adodb/adodb-php 4 oro/commerce 4 idno/known 4 symfony/security-bundle 4 wintercms/winter 4 bytefury/crater 4 bref/bref 4 shopware/storefront 4 ezsystems/ezplatform 4 kimai/kimai 4 zendframework/zendopenid 4 typo3/cms-frontend 4 codeigniter4/shield 4 typo3/html-sanitizer 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 modx/revolution 4 spatie/browsershot 4 phpoffice/phpspreadsheet 3 enshrined/svg-sanitize 3 phenx/php-svg-lib 3 tecnickcom/tcpdf 3 zendframework/zend-diactoros 3 joomla/framework 3 symfony/form 3 reportico-web/reportico 3 enhavo/enhavo-app 3 shopxo/shopxo 3 prestashop/productcomments 3 zendframework/zend-http 3 facade/ignition 3 pixelfed/pixelfed 3 limesurvey/limesurvey 3 artesaos/seotools 3 ckeditor4 3 bbpress/bbpress 3 typo3/cms-form 3 quickapps/cms 3 doctrine/orm 3 buddypress/buddypress 3 zencart/zencart 3 verot/class.upload.php 3 illuminate/auth 3 zendframework/zendservice-nirvanix 3 symfony/framework-bundle 3 zendframework/zendservice-audioscrobbler 3