Shodan
Vulnerabilities
Vulnerable Software
Concretecms:  >> Concrete Cms  >> 9.1.3  Security Vulnerabilities
CVE-2023-28473
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-04-28
CVE-2023-28474
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.
CVSS Score
5.4
EPSS Score
0.01
Published
2023-04-28
CVE-2023-28475
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
CVSS Score
6.1
EPSS Score
0.011
Published
2023-04-28
CVE-2023-28476
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.
CVSS Score
5.4
EPSS Score
0.01
Published
2023-04-28
CVE-2023-28477
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.
CVSS Score
5.5
EPSS Score
0.008
Published
2023-04-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved