Metrics
Affected Vendors & Products
Thu, 04 Sep 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
Mon, 11 Aug 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev for reporting via HackerOne. | Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne. |
Wed, 06 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 06 Aug 2025 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Concretecms
Concretecms concrete Cms |
|
Vendors & Products |
Concretecms
Concretecms concrete Cms |
Tue, 05 Aug 2025 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev for reporting via HackerOne. | |
Title | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: ConcreteCMS
Published:
Updated: 2025-08-11T17:18:44.249Z
Reserved: 2025-08-04T23:10:03.162Z
Link: CVE-2025-8573

Updated: 2025-08-06T14:08:47.749Z

Status : Analyzed
Published: 2025-08-05T23:15:39.190
Modified: 2025-09-04T15:54:04.350
Link: CVE-2025-8573

No data.

Updated: 2025-08-06T07:50:29Z