concrete5/concrete5 vulnerabilities

concrete5 open source CMS

Latest version: 8.5.5

Licenses detected

  • license: MIT >= 0
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the concrete5/concrete5 package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • M
Cross-site Scripting (XSS)
<8.5.5 Not available 19 Mar, 2021
  • H
Remote Code Execution (RCE)
<8.5.3 Not available 06 Sep, 2020
  • H
Unrestricted Upload of File with Dangerous Type
<8.5.3 Not available 29 Jul, 2020
  • M
Improper Input Validation
<8.5.3 Not available 22 Jun, 2020
  • H
Server Side Request Forgery (SSRF)
<8.3.0 Not available 23 Jul, 2018
  • M
Information Exposure
<8.3.0 Not available 12 Mar, 2018