Concrete CMS — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting Concrete CMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2994 | Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group — Concrete CMS | CWE-352 | 6.8 | - | 2026-03-04 |
| CVE-2026-3240 | Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form — Concrete CMS | CWE-79 | 5.4 | - | 2026-03-04 |
| CVE-2026-3241 | Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block. — Concrete CMS | CWE-79 | 4.8 | - | 2026-03-04 |
| CVE-2026-3242 | Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block — Concrete CMS | CWE-79 | 4.8 | - | 2026-03-04 |
| CVE-2026-3244 | Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names — Concrete CMS | CWE-79 | 4.8 | - | 2026-03-04 |
| CVE-2026-3452 | Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block. — Concrete CMS | CWE-502 | 7.2 | - | 2026-03-04 |
| CVE-2025-8571 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page — Concrete CMS | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-8573 | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page — Concrete CMS | CWE-20 | 4.8 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-3153 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute — Concrete CMS | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-03 |
| CVE-2025-0660 | Stored XSS in Folder Function by Rogue Admin — Concrete CMS | CWE-20 | 4.8 | - | 2025-03-10 |
| CVE-2024-7398 | Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature — Concrete CMS | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-09-24 |
| CVE-2024-8291 | Concrete CMS Stored XSS in Image Editor Background Color — Concrete CMS | CWE-22 | 4.8 (AI) | Medium (AI) | 2024-09-24 |
| CVE-2024-8660 | Stored XSS in the "Top Navigator Bar" block — Concrete CMS | CWE-79 | 4.8 | - | 2024-09-17 |
| CVE-2024-8661 | Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block — Concrete CMS | CWE-79 | 4.8 | - | 2024-09-16 |
| CVE-2024-4350 | Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer — Concrete CMS | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-08-09 |
| CVE-2024-7512 | Concrete CMS Stored XSS in Board instances — Concrete CMS | CWE-20 | 4.8 (AI) | Medium (AI) | 2024-08-09 |
| CVE-2024-7394 | Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName() — Concrete CMS | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-08-08 |
| CVE-2024-4353 | Stored XSS in Generate Board Name Input Field — Concrete CMS | CWE-20 | 4.8 (AI) | Medium (AI) | 2024-08-01 |
| CVE-2024-3181 | Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. — Concrete CMS | CWE-79 | 3.1 | Low | 2024-04-03 |
| CVE-2024-3180 | Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file — Concrete CMS | CWE-79 | 3.1 | Low | 2024-04-03 |
| CVE-2024-3179 | Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page — Concrete CMS | CWE-79 | 3.1 | Low | 2024-04-03 |
| CVE-2024-3178 | Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter — Concrete CMS | CWE-79 | 3.1 | Low | 2024-04-03 |
| CVE-2024-2753 | Concrete CMS version 9 below 9.2.8 and below 8.5.16 is vulnerable to stored XSS on the calendar color settings screen — Concrete CMS | CWE-79 | 2.0 | Low | 2024-04-03 |
| CVE-2024-2179 | Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type — Concrete CMS | CWE-79 | 2.2 | Low | 2024-03-05 |
| CVE-2024-1245 | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes — Concrete CMS | CWE-20 | 2.4 | Low | 2024-02-09 |
| CVE-2024-1247 | Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field — Concrete CMS | CWE-20 | 2.0 | Low | 2024-02-09 |
| CVE-2011-3183 | Concrete CMS cross-site scripting vulnerability — Concrete CMS | | 6.1 | - | 2020-01-14 |

This page lists every published CVE security advisory associated with Concrete CMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.