concrete5/concrete5

Licenses: MIT

Direct Vulnerabilities

Known vulnerabilities in the concrete5/concrete5 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • L
Authorization Bypass Through User-Controlled Key

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

<9.5.1
  • L
Cross-site Scripting (XSS)

>=9.0.0RC.1, <9.5.1
  • M
Missing Authorization

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Cross-site Scripting (XSS)

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • M
Access Control Bypass

<9.5.1
  • M
Missing Authorization

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Improper Validation of Specified Type of Input

<9.5.1
  • M
Cross-site Scripting (XSS)

<9.5.1
  • M
Missing Authorization

<9.5.1
  • H
Cross-site Request Forgery (CSRF)

<9.5.1
  • H
Cross-site Scripting (XSS)

<9.5.1
  • M
Authorization Bypass Through User-Controlled Key

<9.5.1
  • H
Incorrect Authorization

<9.5.1
  • M
Authorization Bypass Through User-Controlled Key

<9.5.1
  • M
Direct Request ('Forced Browsing')

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Sensitive Cookie with Improper SameSite Attribute

>=9.0.0RC1, <9.5.1
  • M
Improper Privilege Management

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Server-side Request Forgery (SSRF)

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • H
Cross-site Request Forgery (CSRF)

<9.5.1
  • H
Deserialization of Untrusted Data

<9.5.1
  • M
Information Exposure

<9.5.1
  • H
Cross-site Request Forgery (CSRF)

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

<9.5.1
  • H
Cross-site Scripting (XSS)

<9.5.1
  • M
Missing Authorization

<9.5.1
  • H
Cross-site Request Forgery (CSRF)

<9.5.1
  • H
Cross-site Request Forgery (CSRF)

<9.5.1
  • L
Authorization Bypass Through User-Controlled Key

<9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • L
Cross-site Request Forgery (CSRF)

>=9.0.0RC1, <9.5.1
  • M
Missing Authorization

<9.5.1
  • C
Relative Path Traversal

<9.5.1
  • M
Authorization Bypass Through User-Controlled Key

<9.5.1
  • H
Allocation of Resources Without Limits or Throttling

<9.5.1
  • M
Cross-site Scripting (XSS)

<8.5.21; >=9.0.0RC1, <9.4.3
  • L
Cross-site Scripting (XSS)

>=9.0.0RC1, <9.4.3
  • M
Cross-site Scripting (XSS)

<5.7.4
  • M
Cross-site Request Forgery (CSRF)

<8.5.20; >=9.0.0RC1, <9.4.0RC2
  • M
Cross-site Scripting (XSS)

<9.4.0RC1
  • M
Cross-site Scripting (XSS)

>=9.0.0, <9.3.4
  • M
Cross-site Scripting (XSS)

>=9.0.0, <9.3.4; <8.5.19
  • L
Cross-site Scripting (XSS)

<8.5.18; >=9.0.0RC1, <9.3.3
  • L
Cross-site Scripting (XSS)

>=9.0.0RC1, <9.3.3
  • L
Cross-site Scripting (XSS)

<8.5.18; >=9.0.0RC1, <9.3.3
  • L
Cross-site Scripting

<9.3.3
  • L
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<8.5.16; >=9.0.0RC1, <9.2.8
  • L
Cross-site Scripting (XSS)

<8.5.16; >=9.0.0RC1, <9.2.8
  • L
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<8.5.16; >=9.0.0RC1, <9.2.8
  • L
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<8.5.16; >=9.0.0RC1, <9.2.8
  • L
Cross-site Scripting (XSS)

<8.5.16; >=9.0.0RC1, <9.2.8
  • L
Improper Input Validation

>=9.0.0, <9.2.7
  • L
Improper Input Validation

>=9.0.0, <9.2.5
  • L
Improper Input Validation

>=9.0.0, <9.2.5
  • L
Improper Input Validation

>=9.0.0, <9.2.5
  • L
Cross-site Scripting (XSS)

>=9.0.0, <9.2.3
  • M
Cross-Site Request Forgery (CSRF)

<8.5.14; >=9.0.0, <9.2.3
  • M
Cross-Site Request Forgery (CSRF)

>=9.0.0, <9.2.3
  • L
Cross-site Scripting (XSS)

<8.5.14; >=9.0.0, <9.2.3
  • M
Cross-Site Request Forgery (CSRF)

>=9.0.0, <9.2.3
  • L
Cross-site Scripting (XSS)

<8.5.13; >=9.2.0, <9.2.2
  • C
Incorrect Default Permissions

<8.5.13; >=9.2.0, <9.2.2
  • M
Cross-site Scripting (XSS)

<8.5.13; >=9.2.1, <9.2.2
  • M
Cross-site Scripting (XSS)

>=9.2.1, <9.2.3
  • M
Cross-site Scripting (XSS)

>=9.2.1, <9.2.3
  • M
Cross-site Scripting (XSS)

<8.5.13; >=9.2.1, <9.2.2
  • M
Cross-site Scripting (XSS)

<8.0
  • M
Cross-site Scripting (XSS)

<9.2.0
  • L
Cross-site Scripting (XSS)

<9.1.0
  • M
Weak Password Requirements

<9.1.0
  • M
Cross-site Scripting (XSS)

<9.1.0
  • M
Cross-site Scripting (XSS)

<9.2.0
  • M
Cross-site Scripting (XSS)

<9.2.0
  • L
Sensitive Cookie in HTTPS Session Without "Secure" Attribute

<9.2.0
  • L
Cross-site Scripting (XSS)

<9.2.0
  • L
Authentication Bypass

<9.2.0
  • L
Cross-site Scripting (XSS)

<9.2.0
  • M
Cross-site Scripting (XSS)

<8.5.10; >=9.0.0, <9.1.3
  • M
Cross-site Request Forgery (CSRF)

<8.5.10; >=9.0.0RC1, <9.1.3
  • L
Cross-site Scripting (XSS)

<8.5.10; >=9.0.0RC1, <9.1.3
  • M
Cross-site Scripting (XSS)

<8.5.10; >=9.0.0RC1, <9.1.3
  • M
Cross-site Scripting (XSS)

<8.5.10; >=9.0.0RC1, <9.1.3
  • L
Cross-site Scripting (XSS)

<8.5.10; >=9.0.0RC1, <9.1.3
  • M
Information Exposure

<8.5.0; >=9.0.0RC1, <9.1.3
  • M
Cross-site Scripting (XSS)

<8.5.0; >=9.0.0RC1, <9.1.3
  • M
Denial of Service (DoS)

<8.5.0; >=9.0.0RC1, <9.1.3
  • L
Access Restriction Bypass

<8.5.0; >=9.0.0RC1, <9.1.3
  • L
XML External Entity (XXE) Injection

<8.5.0; >=9.0.0RC1, <9.1.3
  • M
Session Fixation

<8.5.0; >=9.0.0RC1, <9.1.3
  • L
Cross-site Scripting (XSS)

<8.5.0; >=9.0.0RC1, <9.1.3
  • M
Cross-site Request Forgery (CSRF)

<9.0.0
  • M
Insecure Permissions

<8.5.7
  • M
Access Restriction Bypass

<8.5.7
  • M
Arbitrary Code Execution

<8.5.7
  • L
Server-side Request Forgery (SSRF)

<8.5.7; >=9.0.0, <9.0.1
  • H
Privilege Escalation

<8.5.7
  • M
Access Restriction Bypass

<8.5.7
  • L
Server-side Request Forgery (SSRF)

<8.5.7
  • L
Server-side Request Forgery (SSRF)

<8.5.5
  • M
Open Redirect

<8.5.6
  • M
Improper Input Validation

<8.5.6
  • M
Directory Traversal

<8.5.6
  • H
Directory Traversal

<8.5.6
  • M
Directory Traversal

<8.5.6
  • M
Cross-site Scripting (XSS)

<8.5.6
  • M
Cross-site Scripting (XSS)

<8.5.6
  • H
Cross-site Request Forgery (CSRF)

<8.5.6
  • C
Deserialization of Untrusted Data

<9.0.0RC1
  • M
Cross-site Scripting (XSS)

<8.5.5
  • H
Remote Code Execution (RCE)

<8.5.3
  • H
Unrestricted Upload of File with Dangerous Type

<8.5.3
  • M
Improper Input Validation

<8.5.3
  • H
Server Side Request Forgery (SSRF)

<8.3.0
  • M
Information Exposure

<8.3.0