Concretecms: >> Concrete Cms >> 8.5.13 Security Vulnerabilities
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-04-28
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-02-09
Page 3