Every CVE whose affected-product data names Concrete5, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2017-6905 — CVSS 6.1 (medium): An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data…
CVE-2017-6908 — CVSS 6.1 (medium): An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed…
CVE-2014-5107 — CVSS 5.0 (medium): concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2)…
CVE-2012-5181 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows…
CVE-2015-3989 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML…
CVE-2015-2250 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML…
CVE-2014-5108 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject…
CVE-2014-9526 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web…