Exposure of Concrete CMS

CMS
106 exposure score
4,222 sites use
0 exploited
1 critical

CVEs

74 results
CVE-2026-8412 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache | EPSS 0.1%
CVE-2026-8413 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design | EPSS 0.1%
CVE-2026-8414 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate | EPSS 0.1%
CVE-2026-8415 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder | EPSS 0.1%
CVE-2026-8416 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id) | EPSS 0.1%
CVE-2026-8432 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star() | EPSS 0.1%
CVE-2026-8433 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan() | EPSS 0.1%
CVE-2026-8434 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple() | EPSS 0.1%
CVE-2026-8417 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controller | EPSS 0.1%
CVE-2026-8203 | HIGH | Concrete CMS 9.5.0 and below has Stored XSS on the height parameter | EPSS 0.1%
CVE-2026-8140 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to CSRF on download() in the package install controller | EPSS 0.1%
CVE-2026-7882 | LOW | Concrete CMS 9.5.0 and below is vulnerable to CSRF via the DeleteFile controller | EPSS 0.1%
CVE-2026-8435 | LOW | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion() | EPSS 0.1%
CVE-2026-8340 | LOW | Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion | EPSS 0.1%
