Bogdan

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to Reflected XSS in the dashboard icons due to un-sanitized output. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 Concrete CMS (formerly concrete5) versions prior to 8.5.10 **Description** The issue allows the authTypeConcreteCookieMap table to be filled up, causing a denial of service due to high load. **Recommendations** For versions prior to 8.5.10, update to version 8.5.10 or later. For versions 9.0.0 through 9.1.2, update to a version later than 9.1.2.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions below 8.5.10 Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 **Description** The issue arises when Concrete CMS does not issue a new session ID upon successful OAuth authentication. This can lead to potential security risks. **Recommendations** For Concrete CMS versions below 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to Stored Cross-Site Scripting (XSS) in icons, specifically due to the Microsoft application tile color not being sanitized. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions below 8.5.10 Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 **Description** The issue allows for XXE based DNS requests, which can lead to IP disclosure. This occurs due to a vulnerability in the Concrete CMS software, where an attacker can exploit the XML External Entity (XXE) feature to make unauthorized DNS requests, potentially revealing the IP address of the system. **Recommendations** For versions below 8.5.10, update to version 8.5.10 or later. For versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to the use of non-strict comparison for the `legacy salt`, which could lead to limited authentication bypass if this functionality is used. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to version 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions below 8.5.10 Concrete CMS (formerly concrete5) versions between 9.0.0 and 9.1.2 **Description** The issue inadvertently discloses server-side sensitive information, including secrets in environment variables and server information, when Debug Mode is left on in production. **Recommendations** For Concrete CMS (formerly concrete5) versions below 8.5.10, update to version 8.5.10 or later to resolve the issue. For Concrete CMS (formerly concrete5) versions between 9.0.0 and 9.1.2, update to version 9.1.3 or later to resolve the issue. As a temporary workaround, consider disabling Debug Mode in production environments until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue allows a user to cause an administrator to trigger reflected XSS with a URL if the targeted administrator is using an old browser that lacks XSS protection. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to version 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (affected versions not specified) **Description** The issue is related to a lack of the `State` parameter for the external Concrete authentication service, specifically affecting users who utilize the "out of the box" core OAuth. This leads to a CSRF concern. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions 8.5.9 and earlier Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 **Description** The issue is related to Reflected XSS in the image manipulation library due to un-sanitized output. **Recommendations** For Concrete CMS (formerly concrete5) versions 8.5.9 and earlier, update to version 8.5.10 or later. For Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue allows for Stored Cross-Site Scripting (XSS) in the dashboard/system/express/entities/associations endpoint because Concrete CMS permits association with an entity name that does not exist or, if it does exist, contains XSS since it was not properly sanitized. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to version 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions below 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to Reflected XSS in the multilingual report due to un-sanitized output. **Recommendations** For Concrete CMS versions below 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Symfony versions 5.3.0 through 5.3.1 **Description** A vulnerability in Symfony is related to firewall authentication. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, allowing a user authenticated on a part of the application to be considered authenticated on the rest of the application. **Recommendations** For Symfony versions 5.3.0 through 5.3.1, update to version 5.3.2 or later, where a patch ensures that the authenticated token is only available for the firewall that generates it. As a temporary workaround, consider restricting access to sensitive parts of the application to minimize the risk of exploitation.