Количество 2
Количество 2
CVE-2023-48653
почти 2 года назад
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
CVSS3: 4.3
EPSS: Низкий
GHSA-3rxx-8f33-7p6p
почти 2 года назад
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
CVSS3: 4.3
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-48653 Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential. | CVSS3: 4.3 | 1% Низкий | почти 2 года назад |
| GHSA-3rxx-8f33-7p6p Concrete CMS Cross Site Request Forgery (CSRF) vulnerability | CVSS3: 4.3 | 1% Низкий | почти 2 года назад |
Уязвимостей на страницу
20