CVE-2023-28471: Home

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.

CVE
#xss #web #mac #auth #ssl

Trusted by the best

In a crowded marketspace, Concrete stands out as a solution that pairs robust functionality with ease of use and a low cost of deployment.

Ben Dickie Research Director - Enterprise Applications at Info-Tech Research Group

In-Context Editing

  • Effortlessly edit your website like you’re writing a document.
  • New content editors can be trained in minutes flat.
  • Better tools make better work. Enjoy the process.

Because the system is a pleasure to use for our authors, our content is fresher.

Stefan Glut Online Communications Officer, BASF Corporation

Powerful Permissions

  • User roles and groups provide a powerful tool for managing access control and permissions, ensuring that your website is secure and accessible to authorized users only.
  • Granular permissions that let you control every aspect of your website with ease.
  • Transform your content editing process with efficient and secure approval workflows.
  • Streamline collaboration on your website with Concrete CMS.
  • Track changes made to your website with a complete record of who made each change.
  • Review, compare, and roll back to previous versions.

Amazing and really well thought out CMS. Great for editors and very good for developers to build off.

Tim Macknelly Creative Director, TM Designs

Secure & Supported

  • You get a fully ISO:27001 solution out of the box.
  • All our hosting is SOC 2 Security and Availability Certified and HIPAA Compliant.
  • Used by the U.S. Army. Choose to host your site with us to meet any unique compliance and security needs your organization may have.

Concrete CMS powers an Army web presence that hundreds of editors use with very limited training. It also meets our complex security and compliance requirements.

Melanie Reagin U.S. Army, IMCOM

The Basketball Hall of Fame Scores Big With A Concrete CMS-Powered Website

Apr 27, 2023

Explore the Basketball Hall of Fame’s website, built with Concrete CMS for a slam dunk user experience. Learn about the history and legacy of basketball while staying up-to-date with the latest events and guest appearances by basketball legends.

Ways to Contribute to FOSS Beyond Development

Apr 25, 2023

Discover how non-developers can make valuable contributions to Free and Open Source Software (FOSS) through documentation, translation, design, support, marketing, and testing. Learn how to get involved and make a difference in the FOSS community.

The Power of Concrete CMS: Goodwill of Western and Northern Connecticut and Walk Japan’s Success Stories

Apr 20, 2023

Find out how Concrete CMS helped Goodwill of Western and Northern Connecticut and Walk Japan make their websites better and attract more customers. Thanks to Concrete CMS, they were able to make their sites easy to use and reliable, resulting in happier customers and more money in their pockets.

Related news

CVE-2023-48649: 2023-11-09 Security Blog about updated CVEs and new releases

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

GHSA-9h33-5fxw-r2xv: Stored cross site scripting via container name

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.
